Touch ID on iPhone 5s will still require use of PIN


The Wall Street Journal reports:

An Apple spokesman pointed to other security features the company has added to the phone. Apple customers who wish the use Touch ID also have to create a passcode as a backup. Only that passcode (not a finger) can unlock the phone if the phone is rebooted or hasn't been unlocked for 48 hours. This feature is meant to block hackers from stalling for time as they try to find a way to circumvent the fingerprint scanner.

This sounds like the Touch ID system may be best thought of as a quick unlock and not a comprehensive security system. If the reboot information is accurate, it's sort of like the difference between logging into a computer when it boots and entering a password for the screensaver. You finger will unlock the screensaver, but when you reboot, you'll need your PIN. And also if you happen to unplug from the world for 48 hours, you'll need to "log" back in via PIN.

A PIN makes sense because it's hard to imagine a biometrics system on a consumer device being 100% reliable. Plus you may still need the flexibility of unlocking a device without being an authorized user.

The message though seems to be Apple feels a PIN is still more secure than a finger print, which may be counter-intuitive to consumers. That somewhat depreciates the feature to a convenience gadget vs a real security feature. Probably the best way to look at this is Touch ID will get people locking their devices when otherwise they can't be bothered with a PIN.