Fingerprints are Usernames, not Passwords

[glhaynes]

It's not at all clear that the absolute paranoiacs and the people saying that it's unlikely that any but a vanishingly small number of regular people will ever have Touch ID hacked are from the same set.

When you say it's not "a serious security mechanism", it sounds as if that's defined in some absolute terms. But if the effort to hack it is hundreds of times more difficult than the possible payoff from hacking it (which appears to be the case for nearly anybody but James Bond), then it acts as a serious security mechanism for that user's context. Literally nobody is going to make a mold of my finger to unlock my iPhone — they'd have to be absolutely insane to think that was worthwhile. So it's a serious security mechanism for me. Would it be a serious security mechanism to cover nuclear launch codes? Of course not.

[derefr]

> When you say it's not "a serious security mechanism", it sounds as if that's defined in some absolute terms.

You have to understand that the practice of cryptography has always had a military basis; the commercial/private use is ancillary.

So, what's "a serious security mechanism?" Presume you're a military commander during active war, whose battle plans are intercepted by an opposing nation. What is the likelihood, given the opposing nation believes your plan will lead to their complete destruction, that they'll be able to break the security in time to execute a counter-operation? A serious security mechanism is anything that reduces that likelihood.