Posted
08.07.2015

* Don’t let your smartphone’s fingerprint reader give you a false sense of security

Don’t get me wrong. A fingerprint reader on a phone or tablet is a godsend to anyone who hates having to type a code or swipe a lock pattern every time they use their device.

True, experts have hacked the iPhone 6’s Touch ID and the Samsung Galaxy S5’s reader. But the chances are slim that someone so highly skilled is going to break into your lost or stolen phone.

What might actually do your phone in, though, is if your confidence in your fingerprint reader leads you to drop your guard by using a relatively weak four-digit passcode, leaving your phone far more vulnerable to intruders.

In a talk he recently gave on password strength at PasswordsCon, Microsoft security expert Cormac Herley expressed concern that many smartphone users are doing just that.

When I asked Herley if there was evidence that users would compensate for a fingerprint reader’s strength by using a weaker passcode, he cited this academic study published by the IEEE, which came to the following conclusion:

“Adding visible security features to a system increases user confidence in the security of a system and thereby causes users to reduce how much effort they spend in other security areas.”

There’s also evidence that many smartphone users don’t adequately secure their phone regardless of whether it has a fingerprint reader. For example, a Consumer Reports national survey found that, as of 2013, only 11 percent of US smartphone owners used a passcode (or other locking feature) stronger than 4 digits to secure their phone. Roughly half had used no screen lock at all. (Note: I reported on that survey when I was Consumer Reports’s Technology Editor.)

So it is a positive development that Apple has said that its upcoming iOS 9 will require users to initially set up a six-digit passcode for any iPhone or iPad equipped with Touch ID. (Users will still be permitted to switch to a weaker passcode after they set up the initial one.)

One final point: If you routinely use your fingerprint reader to unlock your phone, there’s really no excuse for not using a very strong passcode or password because you will rarely be inconvenienced by having to enter it. And wasn’t that the point of having a fingerprint reader to begin with?

–Jeff Fox
