iPhone 5S builds security into the home button
It was no surprise to Apple observers that the company introduced a fingerprint sensor at its big iPhone party on Tuesday. After all, Apple paid several hundred million dollars for one of the leaders in fingerprint biometrics last year.
But just what can the Touch ID sensor do? And how does it affect your personal security?
What is Touch ID? Touch ID is a biometric fingerprint sensor that Apple has built into the iPhone 5S. The sensor resides under the home button. It's a logical place to put it, although people who've had their home buttons break might disagree.
What does Touch ID control? Touch ID debuts two forms of log-in replacement for iOS. You can use it in place of your four-digit passcode to unlock your phone, and you can authorize iTunes Store purchases with it. You cannot use it to access your iCloud data, or Apple Keychain passwords -- at least, not yet. You'll still have to use passwords to access just about every other aspect of your Apple life.
What happens if the Touch ID sensor fails? The iPhone 5S gives Touch ID three consecutive chances to work. If it fails after the third swipe, it will ask for your passcode. Also, if you reboot your phone, turn it off, or don't use it for 48 hours it will revert to asking for the passcode first.
Where is Touch ID data stored? Touch ID data is encrypted and stored locally on the iPhone 5S' A7 processor. It is not stored in the cloud.
Where can I get it? The Touch ID sensor is available only on the iPhone 5S (review), which starts at $199 for a 16GB model with a contract.
How many fingers can I use with Touch ID? Apple hasn't revealed a limit, but you can use Touch ID with different fingers it, and possibly up to 10 fingers. Toes are not recommended.
Will Touch ID make my phone more secure? Unfortunately, that depends on what level of security you're comfortable with. Apple has stated that fewer than half of all iPhone users have activated the four-digit passcode used to prevent unauthorized access to phones, so the concept of Touch ID -- a biometric that you never have to worry about forgetting unless you're a Jedi facing off against a Sith lord -- means that people who activate Touch ID should have more secure phones.
Still, two locks are more secure than one, and Touch ID provides only a single form of authentication.
Can Touch ID be hacked? Yes, fingerprint sensors have been around for at least two decades and have been hacked before. So, while Touch ID hasn't been hacked yet, that probably owes more to the device not being publicly available yet than anything else. As the iPhone 5S proliferates, expect creative and disturbing methods of hacking the fingerprint sensor to arise.
Hopefully, would-be thieves won't start carrying cigar cutters around.
Does Touch ID use two-factor authentication? No. Touch ID is not considered two-factor authentication because there is no second authorization technique that's required to use it. It's possible that Apple could expand the feature in the future to include stronger security, but one of the appeals of Touch ID, like the Windows 8 picture login, is that it requires the security input only once.
There are still many questions that remain about Touch ID's implementation, including how people will use it and how developers will incorporate it. A big unknown for Apple's bottom line is whether businesses will consider this "safer" for the "bring your own device" movement, and demand that their employees have it. And it's not going to eliminate passwords -- at least, not on its own.
Apple is the not the first major smartphone maker to incorporate a biometric sensor into a device. Motorola did it with the Atrix but it bombed.
Nevertheless, the fact that Apple has moved forward and implemented a fingerprint sensor means that we're about to see biometric readers coming to competing smartphones in a big way. As long as people don't mistake it for a security panacea, this will be good for personal and device security in the long run.
Correction, 3:54 p.m. PT: An earlier version of this story incorrectly said Apple is the first major smartphone maker to incorporate a fingerprint scanner into a device. It was Motorola.