[sdca]

It's not "forward thinking" to put that feature in 4 years after Touch ID debuted and people have already been forced to unlock their phones. They should be issuing warnings that fingerprint sensors are for convenience and reduce security unless they're used in multi-factor authentication.

[dkonofalski]

The alternative was passcodes and Apple's research suggested that people disabled passcodes rather than use anything secure. TouchID was determined to be far more secure than no passcode and having both TouchID and a passcode is secure enough for most users. You can't add devices without both (along with an Apple ID password) and, at that point, you have physical access to the device which negates most security features anyways.

[grzm]

Interesting and pragmatic. Do you have a reference for this? I'd be interested in reading more.

[M4v3R]

Here's the whitepaper about iOS security: https://www.apple.com/business/docs/iOS_Security_Guide.pdf

[dkonofalski]

There is a reference for this as Apple published a security white-paper about it prior to the release of TouchID. Unfortunately, I'm not at a point where I can search for it. If I find the time today, I will update this post with a link.

[grzm]

Cheers. I'd appreciate it.

Edit to add: I came across this one:

https://www.apple.com/business/docs/iOS_Security_Guide.pdf

It was linked from an article in 2014[1], though this PDF document is dated March 2017.

[1]: http://www.biometricupdate.com/201402/apple-publishes-whitep...

[dkonofalski]

Yeah, that's the updated one. Prior to the release of TouchID, something similar was released.