
And that's the benefit of something like TouchID. Since you rarely have to enter your full password (after restart or too many TouchID failures) it's much easier to use a longer or more complex password than 4 digits. Even a simple dictionary attack would take a very long time at one attempt every 40s.


"rarely"?

Well, I'll say I don't have to punch in my 4 digit PIN much, perhaps that's what you meant. But the 'full password' - the Apple ID password - I have to put that in all the time. The TouchID verification for Apple store downloads seems to only hold for an hour or so, then I gotta punch in the full painful password again... :(


That happens if you turn off your device. There might be a setting or option you might need to enable. After I've restarted, I enter the password once in the store, and after that, touch ID works.


I believe the mechanisms are something like:

1) ask for password on phone reset

2) ask for password if it hasn't been used for an authentication for ~72 hours

something about people forgetting their passwords if they never got asked for them at all


72 hours is crazy - do they expect people to be buying stuff all the time?

What's crappy about it is that they force a moderately complex password strength which is much harder to input on a touch screen keyboard. I'm constantly having to enter that - the 'touch id' for using the Apple store, to me, is effectively useless. For unlocking the device, it's fine.


In the US you can be compelled by law enforcement to provide your fingerprint. Not so with passwords and passcodes.



