Monday, October 7, 2013

Apple Security, Part 1: Touch ID and Passcodes

Security has been a hot topic as of late. With the recent news regarding the NSA, Edward Snowden and allegations that Internet companies are capturing our data, it is imperative that we try to be aware of the risks and take steps to limit undesired intrusions. In this first of what I hope to become an ongoing series of posts, I'm going to discuss one of the security features Apple recently released: the Touch ID fingerprint sensor in the iPhone 5s.

Apple has stated that over 50% of smartphone users do not use a passcode to lock their phone. By not using a passcode, users are opening themselves up to easy unauthorized access to the data on their phone, like birth dates, home and email addresses, phone numbers of family and friends, and possibly other personal information. Granted, like most security measures, a passcode reduces the convenience of the phone. This is one of the reasons I really like Touch ID - it provides greater security and greater convenience. Once Touch ID is enabled, all it takes to unlock your phone is to place your finger on the home button for a second. Apple claims a fingerprint is 5 times more secure than a 4 digit passcode, so you get more security and convenience by this one mechanism.

If you use Touch ID, you will still need a passcode, which is required after rebooting your phone or if you haven't unlocked your phone with your fingerprint for over 48 hours. But there's another benefit I think Touch ID will bring about. Now that it should be rare to need the passcode, people can use longer, more complex passcodes, which will provide even greater security. I believe Apple will roll out Touch ID to their iPad and iPod products, and I wouldn't be surprised to even see it get integrated into their computers over time.

It's easy to add a passcode to your iOS device; go to Settings -> General -> Passcode Lock (on the 5s it's called Passcode & Fingerprint). The default is a 4 digit passcode; to create a longer one or one with letters and special characters, turn off Simple Passcode. Another option on this screen includes how long to wait after locking your phone before requiring the passcode to be entered (Require Passcode). There are other options for which actions are allowed when the phone is locked such as Siri and Passbook. Finally, the last option (Erase Data) gives you the choice of erasing all data on your device after 10 failed passcode attempts. I like this last option but haven't enabled it on my phone yet - I worry one of my kids will play around with my phone trying to guess my passcode and end up wiping it out! A related option is Auto-Lock on the Settings -> General page. This option specifies how much idle time must occur before locking your device.

If you want to learn more about Touch ID, check out this Apple article on it.

Touch ID and other security features like Activation Lock (I'll cover that in an upcoming post) are demonstrating Apple is listening to its customers and beefing up its security infrastructure. But Apple is not the only company doing this. Google has been in the news recently with their enhancements to make all searches secure. With the public's focus on security, I'm sure we'll see other technology companies follow suit.