I've been using it for about a week or so now. It's incredibly convenient. It unlocks my phone almost instantly. It prevents random people near by phone from being unable to unlock it. If a thief got their hands on it, they'd have a few attempts to unlock it with a fake fingerprint, and then they'd have to enter my code. And if they fail to enter my code 10 times, the phone is wiped.
All in all TouchID basically removes almost the entire burden from the security of having a locked phone. It's actually faster to unlock my phone with TouchID than codeless swipe to unlock, so it's a no-brainer to turn it on. It doesn't matter that the NSA probably has my fingerprints, in practice it prevents most people from getting into my phone in a way that is transparent and easy to use. If the spooks want my data, they can already get it.
This reminds me of certain U.S. Supreme Court decisions. As someone who's interested in constitutional law, I often find myself defending things that seem trivial and nitpicky. Why does it matter if the police enter one drug dealer's home without a proper warrant? Who cares if we restrict someone's speech, considering that the person was, say, a racist whose ideas were ignorant and offensive?
Of course, the content in this analogy is very different. I'm not comparing fingerprint scanners to crimes. But the logic is very similar: when judging law and technology, respectively, it's important to consider how seemingly small decisions serve as a precedents for bigger trends.
If fingerprint scanners become a common replacement for passwords, and the author's argument is correct, the scanners may dramatically change our security and expectations of privacy.
However, your fingerprint is a username in that case because it is all over the place. The police already have it. Don't be fooled, there are certainly kits being sold to law enforcement to dupe TouchID. You're data is less protected from those that you'd probably prefer not have easy access to it now.
Outside the HN bubble, this is an acceptable tradeoff. People who are concerned can continue to use passwords.
Therefore it is up to us to make the right choices. That we aren't doing it, choosing instead to defend flawed technological improvements and the companies doing it, is very regrettable.
> This is a disadvantage only when you are on trial. That's a pretty extreme contingency
No dude, that's not the only thing that can happen and it's in no way extreme. Many people do go on trial for trivial things (because shit, in the US at least, suing people is a way of life) and your laptop or phone contains your most secret conversations and desires, being the ultimate incrimination tool, a digital fingerprint of your own mind.
And you don't have to be on any trial. You don't even have to be a suspect in an investigation. It can happen and has happened for laptops or phones to be seized for inspection during routine filters, like by the airport security.
Also, in the US you may live under the rule of the law. What about countries where oligarchies rule, countries where corruption is the norm? What about countries like Rusia, China, India or Brazil?
Just today I read about a story about this traffic cop from my own country that had the bad inspiration of doing his job by fining his own boss for ignoring a red light and exceeding the speed limits. He was later accused of all sort of bullshit and had to fight it in a court of law for 2 years before he was exonerated.
And technology evolves and our devices are gradually becoming our stored memory. What do you think these corrupt officials or organized crime syndicates could do with your own mind, 10 years from now? A lot dude ;-)
I'm glad you have been deemed worthy enough to make that decision for the rest of the population that doesn't understand the implications of what they are getting into.
Are you saying that random people can pick up your phone when you go to the bathroom, touch the home button 3 times, and then enter "1111" 10 times, and wipe your phone? Is there some protection against this?
Anyhow, my initial thought was, perhaps not an asshole but a child? I could see a child playing with the phone and wiping it in quite short time. But other commenters pointed out it's not the default and there's cloud back-up it doesn't seem a major problem.
My guess at an answer is that human beings are more comfortable thinking about numbers that are small integers (between 1 and 20 or so?), and that (roughly speaking) we often want to be able to give a bit more precision than you'd get from just "1" vs. "2".
So for baby growth, parents will talk about how many days old their child is for the first week or so, and then use "weeks" for the first few months, and then use "months" until they're around 2 years old. (There's also a real sense in which the pace of child development seems to progress on a sort of log scale: change is very rapid at first, but gradually slows down. The use of different age units seems to roughly parallel that.)
As an aside, this same human preference is presumably also why the English developed different units for (say) inches, feet, and miles rather than using one of those units for everything. [Side note: is there any common English unit between yards and miles? I grew up using "blocks", which is handy, but that's pretty city-specific.]
 By "precision" I'm thinking more or less about "relative uncertainty". If you assume that an integer value is accurate to within +/- 0.5, then the percent uncertainty on 1 or 2 is so large as to make the information almost useless, while the implied uncertainty on a big number like 50 is probably smaller than is justified for most contexts.
Literally, the length of a furrow. A sensible length for
farmers that later evolved into the acre, which is discussed
later in this section. A standard furrow is 220 yards long
or ⅛ mile
- Clothes are sized in months 0-3, 3-6 etc..
- During doctor visits you discuss developmental milestones expressed in months.
Etc. You get used to it, since at that age the development of a child is extremely condensed and years simply don't provide enough resolution.
- 1.0833 years old: 13 months
- 1.4166 years old: 17 months
- 1.8333 years old: 22 months
So, is it easier to use years on the clean decimals and months whenever it gets hairy, or to just settle on months?
It's not like you will lose data since it is backed up to iCloud.
Um, protection against random people wiping your phone maybe?
If this is a problem with your circle of friends: find new friends, or disable this feature.
If you use the iPhone Configuration Utility, you can even reduce the attempts down 2 before it wipes itself.
I guess it's useful in circumstances where the data on the phone is more valuable than the phone itself.
Thieves will offload the phone to someone using software explicitly designed to wipe electronics to be resold.
Whether they are wiping an iphone that happens to have touch ID or not is only relevent towards the resale price once it's wiped.
Clearly Apple marketing works, as it's somehow convinced a member of (I'd hope) a more technical audience that their electronics are somehow safer against thieves.
The point is that with TouchID (as opposed to no passcode) the thief will not be able to send porn to my mom or read my text messages before they wipe the phone.
Basically, a stolen iPhone is only worth the sum of its parts so they can be used to repair other phones.
So if it works as advertised, stolen iPhones and iPads will only be worth the sum of their parts.
did I just predict iOS8?
Apple are perfectly happy with the second hand market for iPhones.
I've just ordered a 5S. It's costing me £709. My iPhone 4S 64Gb is worth about £200 second hand. Even a new 8Gb 4S, the cheapest model available new, is £349.
Anyone interested in my second hand phone was almost certainly never going to spring for a new iPhone.
The market for second hand iPhones does next to nothing to cannibalise the market for new iPhones (which Apple cares about) and strengthens the iOS ecosystem (both by bringing in new customers who might buy apps, music and movies but also keeping customers away from competing platforms).
There's more upside than downside for Apple in second hand iPhones.
It's a cute feature. It's not going to change the world, sell another billion phones, push other companies out of the market, or save anyone from serious attacks. It's probably a good idea to enable it anyway.
I think that's the key distinction here. In any given authentication scheme it's important not to have false positives (incorrectly identifying a bad guy as you) or false negatives (incorrectly identifying you as a bad guy). In this case false positives break security, false negatives break usability. However, false positives won't outright stop adoption whereas false negatives will.
With glove, dirty or too much sweat, I believe it does not work. So, it's not 'always'.
However like others, I turned it off because the performance was highly variable, and the failure mode consists of a many-seconds wait which can be extremely infuriating (even embarrassing, as as you stare blankly at your phone for 5 seconds at a party, trying to quickly get someone's number or something).
edit; not 911emergency, but casual situations of full or dirty hands..
I went to it. I leads to a special dialer. Instead of voicemail the button leads to a special emergency contact (or list). It only shows 4 inputs on top so I am guessing that is the limit so you can't dial anything but emergency services (that are 4 numbers or shorter). Then it goes back to my lock screen.
With a fingerprint unlock, I need to go to at least a little trouble to fake the fingerprint.
In neither case is the phone meaningfully protected against serious attack. Why must we have this argument? It's a cute feature. Use it.
What utter unmitigated rubbish. It is extremely unlikely that even a fully qualified CSI would be able to lift a full print from a mobile phone, let alone one that that can be reliably reproduced in the manner CCC described.
My 5 year old son was quite literally dusting for fingerprints at the local science museum last weekend. We have some shockingly high fidelity prints of both our thumbs showing all the ridges. And all we had to do was squeeze a piece of plastic. Fingerprints have even less identifying detail than faces. You've been hoodwinked by Apple's marketing, and I'm willing to bet this isn't the first time.
Yeah, not so much. The fakes didn't even pretend to be live tissue.
That doesn't seem to be the case to my knowledge. The evidence from the successful attack is that you need an excellent-quality print from one of the specific fingers that has been programmed into the phone. Some phones probably have that on them, but it appears likely that many do not.
edit: build an app, get your colleague, significant other etc touch it on any touchscreen phone or get on camera and create a 3d printed finger. 3d printing vs touchid...maybe
But putting that aside, your hypothetical app would -- using the demonstrated method -- 'lift' that excellent quality print, scan it at 2400 dpi, (clean up said print), print it on a transparency at 1200 dpi, mask it onto photosensitive PCB, develop/etch/clean the PCB, spray graphite and apply wood glue to the mold.
It might make for a slightly-more-plausible-than-normal gadget sequence in a Mission Impossible movie, but it's not much of a concern for the target market. 
 Despite what decades of shows like CSI might lead us to believe, this is not a simple or error-free process. And each mistake irrecoverably destroys the print.
 Most of that market doesn't even use a passcode today and many that do are still using surprisingly bad PINs (birthdays/anniversaries/1234)
Except when confronted with an Apple product. Then it's all "Nah bro, relax. No way could you lift a fingerprint from a glossy phone screen". :)
I'll say it for the third time. It's cute feature (like face unlock was before it). Use it and enjoy it. If you honestly think you're buying a serious security mechanism you're simply wrong.
There's security that geeks advocate for ourselves and our own implementations (often things we only have to set up and maintain infrequently) and then there's security that normals actually use (often things they have to authenticate with several times a day).
And I must have missed it, if anyone's been arguing this is a serious security mechanism. As far as I've seen, it's been lauded as (not much) better than a passcode, but, primarily, convenient enough to get people to use it instead of nothing, bringing up the relative security of a still-fairly-insecure bunch.
And you may want to re-read the discussion over the faked-print attacks. It isn't about (im)possibility. It's about the time, expertise and equipment involved and the likelihood of success being too expensive to be worthwhile for gaining access to most phones. 
And if we're wearing our "serious" security hats, I still don't see any reason to worry too much about print faking, as its core assumption is a skilled attacker who has unfettered physical access to our device, unbeknownst to us and beyond our control. And at that point, the game is already over.
 CCC themselves, with ideal source prints, had to significantly complicate their process to generate fakes that worked with a suitable consistency. So even if you think suitable source prints grow on trees, the point of significant skill, equipment, time and resources remains.
When you say it's not "a serious security mechanism", it sounds as if that's defined in some absolute terms. But if the effort to hack it is hundreds of times more difficult than the possible payoff from hacking it (which appears to be the case for nearly anybody but James Bond), then it acts as a serious security mechanism for that user's context. Literally nobody is going to make a mold of my finger to unlock my iPhone — they'd have to be absolutely insane to think that was worthwhile. So it's a serious security mechanism for me. Would it be a serious security mechanism to cover nuclear launch codes? Of course not.
You have to understand that the practice of cryptography has always had a military basis; the commercial/private use is ancillary.
So, what's "a serious security mechanism?" Presume you're a military commander during active war, whose battle plans are intercepted by an opposing nation. What is the likelihood, given the opposing nation believes your plan will lead to their complete destruction, that they'll be able to break the security in time to execute a counter-operation? A serious security mechanism is anything that reduces that likelihood.
You need to be able to sign in with the Apple ID to remove the association.
I've already done that service for another, using some auto-unlocking tools. Takes all but 5 seconds, including USB negotiation. And it even gets past sim-locks.
Of course, I don't actually use it because the face recognition is so bad, and nonexistent in the dark.
I'm ready to have a chip in my arm now.
I have no idea how finger print vs facial recognition compare in accuracy, but a decently implemented facial recognition system shouldn't be compromised by a still image.
face unlock now requires you to blink.
As they said when they unveiled the feature and people mentioned this: give them a little credit.
If I was the kind of person who was worried about someone accessing the contents of my phone, I'd simply turn off touch ID and use a long password (or spend less money on a phone that didn't have a feature I wouldn't use).
I've gone down the route of using both a long password and touch ID simply because touch ID works so reliably - I've never had to enter my password. That way someone either needs my long password or a physical copy of my fingerprint to access my device. I'd say that's much better than the 4 digit numerical code I relied on previously - which had been seen by friends and family.
Your iPhone has a picture of your fingerprint inside of it now. It's just a picture, and it's likely a very good picture at that.
What happens when I swipe your phone for a second or two, plug it into my machine, and download the high-resolution picture of your fingerprint?
Do you use a fingerprint lock at home? If so, I've just broken into your home.
Do you use a fingerprint lock for the datacenter you administer? I've just gained access.
Do you own a registered gun? How'd you like me to commit a murder with your fingerprint on it?
This kind of attack is the missing piece of my argument. When someone figures out how to do this, these issues are going to become very important very quickly.
Let's suppose that Apple introduces a feature that syncs your fingerprint across many devices. How convenient, right? Let's say that means keeping all of your fingerprints on Apple servers. Let's now suppose that, like a credit card database, an attacker is able to obtain a leaked copy of the fingerprint database of every iPhone user. The recent touchid hack shows that fingerprints can be spoofed for high-end scanners. What then?
Sure, this scenario is very unlikely. I'm totally in slippery-slope land here.
But when we choose to turn up the dial on convenience to sacrifice more security, we must be prudent, carefully considering the consequences of our intentional ignorance.
The big enterprise market is an awesome place to get a foothold in - they are not really price-sensitive and hate change. Not that Apple has any problems in that segment, but extra lock-in doesn't hurt.
Where this becomes semi-dangerous is in assuming that now your phone is ironclad and you can store whatever on it totally unprotected. The best route to safety is to make informed decisions based on your own risk-tolerance and not be a lemming.
While an individual person might not be at that great of risk because the amount of crackers willing to exploit touchID is limited to a minute demographic of people, the real harm comes when many iphone owners who share your ideology start using touchID instead of the more secure locking features their phones provide just because its more convenient.
Consider what happens when there are 100,000,000 million insecure phones out in the world. To a motivated cracker/spy/terrorist this is a huge ocean of potential suckers/victims vulnerable to exploitation. While most of these people aren't worth targeting, 1000-10,000 people might be.
This is why rejecting broken security technology is a cause everybody should rally behind. Even if you are never a victim of a black hat, you may very well suffer indirect consequences from the exploitation of somebody else.
I guess the question at that point is, is a 4-digit code better or worse? I'm not fielding that one...
With touch unlock, all I need is my buddy to hold you for 3 seconds while I twist your arm and unlock the phone.
With passcode unlock, getting the password out of you will take some more effort.
Oh, and in this scenario, I can be a thief, or a police officer, or a borders agent, or an abusive husband, or many other things :)
Given that there are two people, capable of violence, against the phone owner I'm not sure that getting the password is going to be that much trouble.
Now, if you arguee that no thief will ever want your data (and you'd be probably right), it doesn't matter if you lock your phone or not, and it won't matter how you do that. In this case, locking schemes are completely useless.
(Now, I'd be content with a fingerprint reader that recognizes a finger - any finger - and unlocks the phone. It's enough protection if my pocket can't defeat it. Unlocking only by specific fingerprints looks like a pain, nobody else will be able to unlock my phone? Thanks, but I'll pass that.)
You must not have kids, because that statement scares the shit out of me.