8 comments

[ 3.5 ms ] story [ 31.8 ms ] thread
From a security-analyst perspective, using the owner's fingerprints adversely was fairly anticipated.
This. The supreme court ruled that access to one's fingerprints do not require a warrant
I wonder if the same applies for icloud backups of your iPhone/iPad/MacBook. Does anyone know ?
If you feel for some reason that you may need to disable Touch ID it is only a few taps:

Home -> Settings -> Touch ID -> Set iPhone Unlock to Off

Also, turning the phone off will do the same trick as Touch ID cannot unlock your phone directly after restarting (I mean, assuming there are no lock screen zero-days like the ones that have surfaced in the past)

Phone is encrypted with the Secure Enclave -> that password is absolutely required to decrypt, if the phone has been turned off.

Edit: Failing any cold-boot attacks etc.

Fingerprints are a form of identification, not a password.
Isn't a password also a form of identification? The idea is that only _you_ know what to type, much the same as only you have those fingerprints (otherwise it'd be pointless).

I think maybe we shouldn't look at it as much in terms of what it is -- a fingerprint, or a string of characters -- but the role it fulfills: unlocking something. We just can't extract your password from your brain or it'd probably be treated the same as a fingerprint... right?

You're hitting at the difference between identification and authentication. We use tokens/passwords/etc for authentication of a public ID. I feel like one's fingerprint is pretty commonly used as an identifier, so using it for a password (heck, engineering it into your system in the first place) is terrible.