Fingerprint locking your phone IS useful security

Security is about making things difficult to steal, not impossible. If someone is really determined to get hold of something, they'll do it. All you can do is make it sufficiently difficult that it puts most people off.

A case in point is the fingerprint scanner on the new iPhone 5S. It only took a couple of days before it was "hacked" (http://www.ccc.de/en/updates/2013/ccc-breaks-apple-touchid). In their blog post the Chaos Computer Club (CCC) say that:

"We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can't change and that you leave everywhere every day as a security token", said Frank Rieger, spokesperson of the CCC. "The public should no longer be fooled by the biometrics industry with false security claims. Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access."

[snip]

iPhone users should avoid protecting sensitive data with their precious biometric fingerprint not only because it can be easily faked, as demonstrated by the CCC team.

I think they're being a little simplistic. The method they used was ingenious, and required a certain amount of specialist equipment (albeit equipment that is easily obtainable) but I wouldn't describe it as easy.

They suggest that instead your phone should be secured by a (hopefully) long passcode. Very secure, I agree, but therein lies a problem. The sensitive info on my phone is held in a password manager. The password to that is a long series of random characters of which I hope CCC would be proud. It gives me great peace of mind, but it isn't half a pain to have to type it in. Fortunately I don't have to do it too often.

If I had to do that every time I wanted to check the weather on my phone I'd: a) go spare and; b) rapidly turn it off. Which would of course defeat the purpose of the security.

The second thing to consider about their test is this. If you're the President of the United States, people will expend a lot of energy to crack your mobile phone and the secrets therein. If you're Joe Normal like me, people won't. It would be too much effort and too difficult to get my fingerprints, so I'm certain anyone who would steal my phone simply won't bother.

Ease of use is king ...

Having finally got an iPhone 5S (all the way from China by UPS), what I can tell you about the fingerprint scanner is that it is very easy to use. Even though the phone locks itself as soon as you turn it off, even for a second, it's so easy to unlock that it doesn't matter. Thus I will keep my phone locked and secured all the time. And given that the passcode is now a backup rather than the primary method of getting into the phone, I'm quite happy to change it from a simple 4-digit PIN to a much longer password.

I think I'm a fairly normal user: if you make it easy to use, I'll use it. Especially if it's going to make things better (and more secure) for me.

So in this case I think Apple's fingerprint scanner is not, as CCC thinks, a security negative; I think it's a security positive that's going to encourage a lot more people to lock their phone securely. :-)


"Any idiot can face a crisis - it's day to day living that wears you out" - Anton Chekhov

Header image: pixabay.com



Jamie Whitehorn


A self-proclaimed geek who loves technology, data, computers and science, but balances this by spending time with his wonderful better half and their dogs and horses in the countryside.
