I was wondering how secure Touch ID/Keychain is really. My understanding is that

Question

I was wondering how secure Touch ID/Keychain is really. My understanding is that iPhone 5S devices that use Touch ID allow you to enter a passcode if your fingerprint doesn't work, as a "fallback". Now, with iOS8, Touch ID is being offered to apps as a way for users to authenticate.

But... it seems to me that this is far less secure than what many apps currently have. It effectively says that you can use the device passcode instead of an app password (which is stored in the keychain). Since most users only set up device pass codes with four digits, you only need to try up to 9999 numbers, and then you can get into not just the device, but apps such as banking as well (if they use the Touch ID API).

Also, if the device is stolen and jailbroken, with only a four digit passcode, can a hacker get hold of the keychain items for all my apps? This seems like a big risk.

Am I missing something?

Wouldn't it be better if TouchID's "fallback" was a strong password, instead of a four digit code?

Explanation / Answer

This is not the case. iOS 8 allows the use of touch ID for apps but the "fallback" for the touch ID in terms of apps are the actual app password. the 4 digit code is only used if touch ID fails to unlock your phone

on a side note, certain apps such as banking can almost definitely chose not to allow touch ID for the app itself or even high-risk functions inside the app e.g financial transactions.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.