How secure is Apple's Touch ID?

We pit the fingerprint scanner against the default 4-digit passcode.

One of the few hardware upgrades Apple introduced in the iPhone 5s was Touch ID, a fingerprint scanner built into the home button.

This allows users to log into the device without having to type a password and enables purchases from theiTunes Store, App Store, and iBooks Store to be authorised.

There's no doubting Touch ID is more convenient than tapping in a traditional pin number or passcode, but just how secure is it?

Is Touch ID safer than a 4-digit password?

Yes. The chances of a stranger guessing a 4-digit pin are 1 in 10,000. These odds reduce dramatically if you know the person. Friends or relatives know important dates such as anniversaries/birthdays, which could be used as a password. Of course it's also easy to look over someone's shoulder and memorise the short 4-digit sequence.

Because fingerprints are unique to individuals and tangible there's no chance they can be bypassed with guess work you either have the corresponding print or you don't. No two fingerprints are identical, and Apple claims the probability of strangers having fingerprints close enough to bypass its sensor are 1 in 50,000. You only have a maximum of ten attempts to use the fingerprint scanner before it asks you for a password - so the chances of this are slim.

On the balance of probabilities Touch ID is five times more secure than the 4-digit pin.

However, Touch ID is not impenetrable. German hacking group, Computer Chaos Club showed how to hack the system by replicating a fingerprint. The method is a laborious process - requiring a hacker to lift a fingerprint from a surface, clean it up using graphite power, take a high-res photo with a 2400dpi camera, and print it off at a resolution of 1200dpi onto a plastic or latex material.

A second way of hacking Touch ID is far easier, but depends on opportunity. Simply wait for the person whose fingerprint you require to fall asleep before gently prodding their finger on the home button. It's crafty and most probably restricted to nosy family members and friends. But it's far more likely to happen than the fake fingerprint method.

The 6-digit combo

On the balance of probabilities Touch ID is five times more secure than the 4-digit pin. But what if you up this to a unique 6-digit combination?

The chances of someone guessing a random 6-digit pin are one in a million in theory - making it 20 times more secure than Touch ID. If you use a 6-character alphanumeric password, the number of possible combinations increases to two billion.

So what's the takeaway? Touch ID isn't perfect, but it is safer than the 4-digit pin. We see it gaining mass adoption amongst Apple users due to the ease of use. But a combination of 6+ characters is still safe, and Apple hasn't killed off the password completely.

The iPhone 5s requires users to enter their password every time they reboot, when over48 hourshave elapsedbetween unlocks and when you want to enter the Passcode and Fingerprint setting.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Recommended

The 8th-generation iPad debuts with the A12 Bionic chip
tablets

The 8th-generation iPad debuts with the A12 Bionic chip

15 Sep 2020
iPad Air 2020 debuts with A14 Bionic chip and USB-C
tablets

iPad Air 2020 debuts with A14 Bionic chip and USB-C

15 Sep 2020
Broadcom chip shipments indicate delayed iPhone 12 launch
Hardware

Broadcom chip shipments indicate delayed iPhone 12 launch

4 Sep 2020
Apple delays iOS 14 privacy changes after Facebook pressure
privacy

Apple delays iOS 14 privacy changes after Facebook pressure

4 Sep 2020

Most Popular

Unilever adopts Google Cloud’s complex data processing for conservation drive
big data analytics

Unilever adopts Google Cloud’s complex data processing for conservation drive

22 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020