Apple has posted a help document outlining the security safeguards it takes for the new Touch ID fingerprint sensor on the iPhone 5s.
Security safeguards
Every fingerprint is unique, so it is rare that even a small section of two separate fingerprints are alike enough to register as a match for Touch ID. The probability of this happening is 1 in 50,000 for one enrolled finger. This is much better than the 1 in 10,000 odds of guessing a typical 4-digit passcode. Although some passcodes, like “1234”, may be more easily guessed, there is no such thing as an easily guessable fingerprint pattern. Instead, the 1 in 50,000 probability means it requires trying up to 50,000 different fingerprints until potentially finding a random match. But Touch ID only allows five unsuccessful fingerprint match attempts before you must enter your passcode, and you cannot proceed until doing so.
To configure Touch ID, you must first set up a passcode. Touch ID is designed to minimize the input of your passcode; but your passcode will be needed for additional security validation, such as:
● After restarting your iPhone 5s
● When more than 48 hours have elapsed from the last time you unlocked your iPhone 5s
● To enter the Passcode & Fingerprint setting
Since security is only as secure as its weakest point, you can choose to increase the security of a 4-digit passcode by using a complex alphanumeric passcode. To do this, go to Settings > General > Passcode & Fingerprint and turn Simple Passcode off. This will allow you to create a longer, more complex passcode that is inherently more secure. Security is further strengthened by using a mixture of uppercase and lowercase letters, numbers, and symbols.
You can also use Touch ID instead of entering your Apple ID password to purchase content from the iTunes Store, App Store, and iBooks Store. You will be asked to scan your fingerprint with each purchase. If Touch ID does not recognize your finger, you’ll be asked to try again. After five failed attempts, you’ll be given the option of entering your Apple ID password. In addition, you will need to enter your Apple ID password after:
● Restarting your iPhone 5s
● Enrolling or deleting fingers
Secure Enclave
Touch ID does not store any images of your fingerprint. It stores only a mathematical representation of your fingerprint. It isn’t possible for your actual fingerprint image to be reverse-engineered from this mathematical representation. iPhone 5s also includes a new advanced security architecture called the Secure Enclave within the A7 chip, which was developed to protect passcode and fingerprint data. Fingerprint data is encrypted and protected with a key available only to the Secure Enclave. Fingerprint data is used only by the Secure Enclave to verify that your fingerprint matches the enrolled fingerprint data. The Secure Enclave is walled off from the rest of A7 and as well as the rest of iOS. Therefore, your fingerprint data is never accessed by iOS or other apps, never stored on Apple servers, and never backed up to iCloud or anywhere else. Only Touch ID uses it and it can’t be used to match against other fingerprint databases.
More at Apple
Leave a Reply