Imagine that everywhere you touched a post-it with your passwords would appear. Imagine that your government and the governments of many of the countries you’ve travelled to had all your passwords. Imagine that governments weren’t that good at protecting your passwords. In this day and age of Touch ID and other technologies that use your fingerprints as passwords, you don’t have to imagine.
Our fingerprints are akin to usernames, not passwords. We only have 10 of them and they cannot be changed when a breach occurs. We spread them everywhere we touch, and there are databases containing them. Databases that get lost, stolen, and leaked. We can be forced to use our fingerprints. This is why you should disable Touch ID and any similar technology.
Remember to change your fingerprints regularly and never use the same one on several websites.
Repeat after me:
Identity is not authentication
Fingerprints are identity
Fingerprints are not suitable for authentication
#netsec
Note: Since writing this I have reevaluated my opinion on this matter. While what I’ve expressed here is still true, for the average person’s threat model using Touch ID or Face ID is an improvement in their security. In the interest of transparency the rest of the original blog post is presented in its original form.
Convenience
Often security and convenience sit at opposite ends of the scale. Rarely is something both very convenient and secure. By nature a lot of security is not convenient, and sometimes we need to trade some degree of convenience in favour of security. In the case of fingerprints it’s very convenient to unlock your phone or authenticate App Store purchases with only the touch of your finger. With fingerprint authentication we are trading security for convenience.
When I first got my iPhone 6s I was really impressed by the speed and precision of Touch ID, but as I used the phone more I came to realise that I was trading too much security for my convenience. I’ve since switched back to using a trusted 6-digit PIN. I will switch to a full alphanumeric passphrase at some point. Entering a 6-digit PIN is not at all as convenient as touching a sensor, but it’s more secure.
PIN codes and passphrases suffer from their own category of security issues, someone looking over your shoulder being the most significant one. In fact, when Touch ID was first released, this was a point that was made:
…a simple and secure way to unlock your phone with just a touch of your finger.
Touch ID definitely features a more secure input method than PINs. However, one should remember that in the case of Touch ID the input isn’t a password; it’s a username.
So should you disable Touch ID?
Ultimately it comes down to where you stand on the tradeoff between security and convenience. Is it worth it to trade a sizeable chunk of security for a more convenient way to unlock your phone? I have given you my opinion, but deciding on the tradeoff is still up to each and every one of us.
Just remember:
Fingerprints are not passwords. They are usernames.