Hacker News

I'm surprised to see so many people saying they will miss TouchID. I still find the idea ridiculous compared to a much more secure PIN.

But I'm still using a Galaxy S3 so I'm not in the target demographic for sexy new phones.

https://www.forbes.com/sites/josephsteinberg/2015/03/05/why-...




> much more secure PIN

Is it? Before touch sensors became the norm people would put in their PIN every few minutes. It would get picked up by countless security cameras. You could talk to a stranger for 2 minutes and pick up their PIN if you didn't avert your eyes.

And most people didn't use a PIN at all, because it was too much bother.


A PIN isn't perfectly secure; someone can watch you enter it with a security camera or can tell which buttons you pressed from the finger impressions on the screen.


Yes, the PIN is the least secure way of unlocking a phone, by a wide margin.

If someone can shoulder surf while I unlock my phone with a PIN, then they can watch which buttons I press and now they can unlock my phone too. If I use the fingerprint reader to unlock, then they have no chance.


And a complex 40+ character password is much more secure than a 4-6 number PIN. There is always a trade-off; I personally don't want to press 7 times on my screen every time I want to use it.


I have a PIN that's longer than 6 digits, and it's just ingrained in muscle memory after a short time. It's not a big difference to a shorter PIN for me.


What makes TouchID secure is not the fingerprint reader, it's the "Secure Enclave"--a dedicated computing environment for storing secrets that is separated from the main processing system.

Even if you never use the fingerprint reader, an iPhone with TouchID is still more secure than your Galaxy because the PIN is stored in the Secure Enclave.

TouchID is more convenient than a PIN, and it's no less secure because the fingerprint hash is also stored in the SE chip.


To be fair, some Androids have a similar feature; the comments on this HN question are enlightening.

https://news.ycombinator.com/item?id=13957797


To be even more fair: all Android phones you can buy today have a 'secure enclave'. It's been a recommended feature for Google Play certification since Android 5.0, mandatory since 6.0, and part of all Qualcomm, Mediatek, Huawei and Samsung SoCs for years. In your Android phone's settings, go to Lock screen & security, and look at "Credential storage". Unless your phone is ancient, you will see that the storage type is hardware-backed. My Nexus 4 from 2012 has it.

This is another one of those things where Apple marketing fares much better than their competitors :)


And why I regard Apple as a marketing company dabbling in consumer electronics.


PIN and an actual keypad beats all the rest.

But then I am getting old...



