Reply to post: False sense of security that Touch ID brings

Apple slaps a passcode lock on iOS 8 devices, but cops can still inhale your iCloud

Jin

False sense of security that Touch ID brings

I am of the opinion that Apple is expected do something about the vulnerability that their Touch ID brings: Biometrics operated with a password in the OR/disjunction way (as in the case of iPhone) offers a lower security than when only the password is used.

Biometrics can theoretically be operated together with passwords in two ways, (1) by AND/conjunction or (2) by OR/disjunction. I would appreciate to hear if someone knows of a biometric product operated by (1). The users of such products must have been notified that, when falsely rejected by the biometric sensor with the devices finally locked, they would have to see the device reset.

Biometric products like Apple's Touch ID are generally operated by (2) so that users can unlock the devices by passwords when falsely rejected by the biometric sensors. This means that the overall vulnerability of the product is the sum of the vulnerability of biometrics (x%) and that of a password (y%). The sum (x% + y% - xy%) is necessarily larger than the vulnerability of a password (y%), say, the devices with Touch ID and other biometric sensors are less secure than the devices protected only by a password.

Am I wrong in thinking that this fact should be known to the public?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021