Cybersecurity and convenience are always at odds. Touch ID is a convenient way to unlock the device, and it is deemed secure because fingerprints are supposed to be unique.

But on further thought, there are several pitfalls.

  • Touch ID only protects the data-at-rest scenario. It cannot secure your data while your phone is unlocked (data-in-use), nor when you submit sensitive data across the network (data-in-motion).
  • Frequent use of Touch ID tends to make you forget the text-based password, which affects availability in situations where you need to provide the password.
  • A text-based password is more secure than biometrics in one special case: if you are under duress, an attacker can force you to unlock your device with your biometric attributes … even if you are dead; but a text-based password cannot be extracted from a dead person’s memory. An example is the locked iPhone from the Boston bomber, which evolved into a court case debating national security vs data privacy.

This is a matter of the expected protection versus the limitations and risks of the technology, which the user must understand when choosing to give up the ultimate defense in exchange for convenience.
