I think another point that many in the tech pundit community are missing with regard to Touch ID is that this is a solution based more upon convenience than security, although it is obviously at least partially Apple's intent to encourage security by providing that convenience.
Consider that Apple itself doesn't consider the fingerprint sensor to be the primary, authoritative authentication method. The very design of iOS 7 and the iPhone 5s makes it clear that the fingerprint is the weaker factor by design.
- You must always have a passcode set on your device in order to use Touch ID.
- If you reboot your device, only the passcode can be used to unlock it.
- If you have not authenticated to your device for 48 hours, only the passcode can be used to unlock it.
Note that the same applies to using Touch ID to authenticate purchases with the iTunes Store -- after restarting the iPhone, the iTunes password must be supplied before Touch ID can be used with subsequent purchases.
However, consider how much more secure Touch ID is compared to having NO passcode on a device at all -- a situation that applies to the vast majority of casual iPhone users. It's too much trouble for the average user to set a PIN when they pull out and look at their device many dozens of times per day. By providing a convenient and fast authentication method, Apple presumably hopes to make setting a PIN and thereby having a secured device unobtrusive enough that more people will want to do so.
Security is only a deterrent
Statistically, most people who are stealing iPhones are more interested in the hardware than the information. That said, thieves can be nosy opportunists, and an unlocked iPhone will undoubtedly encourage casual snooping. However, in the cases where the hardware is the real target, even the weakest security is enough of a deterrent to make the average thief simply give up and wipe the device so they can then turn around and sell it off.
If a thief actually is targeting your information, it's probably far easier to read your passcode over your shoulder than it is to attempt to capture and duplicate your fingerprints anyway.
Touch ID isn't the only part of the security model
Lastly, Touch ID and passcodes are only one prong of the multi-faceted security system Apple has put into place in iOS. Features such as Find My iPhone and Remote Wipe provide additional protection, and in light of these features, another important goal of the access controls is not only to deter casual access, but also to buy time to allow you to either recover or remotely wipe the device.
While clever thieves can certainly bypass the Find My iPhone service simply be ensuring the device has no data access, this goes back to the original point made by others that no security system is going to be 100% foolproof, but then again it's worth asking what information most of us store on our mobile devices that could actually do any serious, long-term damage, as opposed to simply inconveniencing us. Passwords can be changed, credit cards can be cancelled, and your mom's banana nut loaf recipe is probably not as big of a family secret as she led you to believe.
This question originally appeared on Quora. More questions on iPhone 5s:
