Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsApple iOS and devicesIllogical request for PIN entry on iPhone.
View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 
Batman
Mad Scientist
29760 posts

Uber Geek

Trusted
Lifetime subscriber

  #1355419 30-Jul-2015 17:35
Send private message

to prevent madmen from cutting off fingers and thumbs for personal gains?



Geektastic

17942 posts

Uber Geek

Trusted
Lifetime subscriber

  #1355426 30-Jul-2015 17:55
Send private message

Even Apple are a bit confused:

"Setting up a passcode on your iOS device is an important part of protecting your data. Each time you turn on or wake up your device, it will ask you for your passcode before you can use the device. If your device supports Touch ID, you can use your fingerprint instead of a passcode."

Except you can't...!

Can you make pass codes longer than 4 digits?





lxsw20
3552 posts

Uber Geek

Subscriber

  #1355435 30-Jul-2015 18:11
Send private message

Geektastic: Even Apple are a bit confused:

"Setting up a passcode on your iOS device is an important part of protecting your data. Each time you turn on or wake up your device, it will ask you for your passcode before you can use the device. If your device supports Touch ID, you can use your fingerprint instead of a passcode."

Except you can't...!

Can you make pass codes longer than 4 digits?


You can, except in a couple of circumstances that would be rare for most people. Yes you can make your PIN longer by turning off simple passcode, in iOS9 it's 6 digits by default. 



Geektastic

17942 posts

Uber Geek

Trusted
Lifetime subscriber

  #1355660 31-Jul-2015 08:12
Send private message

Would it not make more sense, security wise, to require that when you turn the phone on (and I turn mine off at 10pm daily until I get up) it asks for the PIN and then, if you have it enabled, it asks for fingerprint as well?





MikeB4
18435 posts

Uber Geek

ID Verified
Trusted

  #1355665 31-Jul-2015 08:16
Send private message

I wondered this very thing myself with my own iPhone. This thread has explained it well and confirmed what I had assumed.

lxsw20
3552 posts

Uber Geek

Subscriber

  #1355671 31-Jul-2015 08:28
Send private message

Geektastic: Would it not make more sense, security wise, to require that when you turn the phone on (and I turn mine off at 10pm daily until I get up) it asks for the PIN and then, if you have it enabled, it asks for fingerprint as well?


So you're complaint is it takes another step to unlock your iPhone when you first turn it on, but now you want to add yet another step? (Just trying to understand the logic here). If it's just for security, then set a complex PIN. 

Why not have the phone set to go into Do Not Disturb mode at 10pm rather than turn it off?

Geektastic

17942 posts

Uber Geek

Trusted
Lifetime subscriber

  #1355855 31-Jul-2015 11:22
Send private message

lxsw20:
Geektastic: Would it not make more sense, security wise, to require that when you turn the phone on (and I turn mine off at 10pm daily until I get up) it asks for the PIN and then, if you have it enabled, it asks for fingerprint as well?


So you're complaint is it takes another step to unlock your iPhone when you first turn it on, but now you want to add yet another step? (Just trying to understand the logic here). If it's just for security, then set a complex PIN. 

Why not have the phone set to go into Do Not Disturb mode at 10pm rather than turn it off?


Why not turn it off? I do not want to be phoned after 10pm so no need for it to be on.

My concern is that - theoretically at least - a fingerprint cannot be copied by the scroat who stole your phone.

Many PIN's can be inferred/guessed (especially 4 digit ones).

Thus it seems illogical to equip a phone with a biometric lock then disable it simply by turning the phone off then on again!





 
 
 
 

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.
Paul1977
5041 posts

Uber Geek


  #1355937 31-Jul-2015 12:14
Send private message

Geektastic:
lxsw20:
Geektastic: Would it not make more sense, security wise, to require that when you turn the phone on (and I turn mine off at 10pm daily until I get up) it asks for the PIN and then, if you have it enabled, it asks for fingerprint as well?


So you're complaint is it takes another step to unlock your iPhone when you first turn it on, but now you want to add yet another step? (Just trying to understand the logic here). If it's just for security, then set a complex PIN. 

Why not have the phone set to go into Do Not Disturb mode at 10pm rather than turn it off?


Why not turn it off? I do not want to be phoned after 10pm so no need for it to be on.

My concern is that - theoretically at least - a fingerprint cannot be copied by the scroat who stole your phone.

Many PIN's can be inferred/guessed (especially 4 digit ones).

Thus it seems illogical to equip a phone with a biometric lock then disable it simply by turning the phone off then on again!


So you want it to always require the fingerprint scan, as you feel it is more secure than a passcode?

What if the sensor dies?

Paul1977
5041 posts

Uber Geek


  #1355947 31-Jul-2015 12:19
Send private message

Kyanar:
Paul1977:
nathan: The secure enclave is encrypted with the device id and with your own pin code, so when you boot up your device, there is no way to use the enclave until you provide the remaining security piece  - the pincode.


That's what i was getting at with my above edit, but never saw this in any official info that I had read. That makes sense, thanks.

But what about when you first purchase an app after a restart? The Secure Enclave is accessible at this point, but it still won't let you use Touch ID until you enter your Apple ID password. Is there a technical reason for this?


That's because at that point, it doesn't have your Apple ID password.  It needs you to provide it so it can verify with Apple that the password is correct (which it does by irreversibly hashing it and sending the hash).  Without the password, it can't generate a hash, therefore preventing you accessing Apple services that require positive identification.  As Apple doesn't have any of the Touch ID data, they cannot use that to verify.


OK, that makes sense. But why generate a new hash after each reboot, why not just store the hash in the Secure Enclave permanently?

lxsw20
3552 posts

Uber Geek

Subscriber

  #1355949 31-Jul-2015 12:21
Send private message

Geektastic:
lxsw20:
Geektastic: Would it not make more sense, security wise, to require that when you turn the phone on (and I turn mine off at 10pm daily until I get up) it asks for the PIN and then, if you have it enabled, it asks for fingerprint as well?


So you're complaint is it takes another step to unlock your iPhone when you first turn it on, but now you want to add yet another step? (Just trying to understand the logic here). If it's just for security, then set a complex PIN. 

Why not have the phone set to go into Do Not Disturb mode at 10pm rather than turn it off?


Why not turn it off? I do not want to be phoned after 10pm so no need for it to be on.

My concern is that - theoretically at least - a fingerprint cannot be copied by the scroat who stole your phone.

Many PIN's can be inferred/guessed (especially 4 digit ones).

Thus it seems illogical to equip a phone with a biometric lock then disable it simply by turning the phone off then on again!


DND will automatically bounce the call directly to your voicemail. Why do something manually when you can automate it. Like I said, if the PIN is an issue, then use a complex PIN. 

Geektastic

17942 posts

Uber Geek

Trusted
Lifetime subscriber

  #1356374 31-Jul-2015 22:36
Send private message

lxsw20:
Geektastic:
lxsw20:
Geektastic: Would it not make more sense, security wise, to require that when you turn the phone on (and I turn mine off at 10pm daily until I get up) it asks for the PIN and then, if you have it enabled, it asks for fingerprint as well?


So you're complaint is it takes another step to unlock your iPhone when you first turn it on, but now you want to add yet another step? (Just trying to understand the logic here). If it's just for security, then set a complex PIN. 

Why not have the phone set to go into Do Not Disturb mode at 10pm rather than turn it off?


Why not turn it off? I do not want to be phoned after 10pm so no need for it to be on.

My concern is that - theoretically at least - a fingerprint cannot be copied by the scroat who stole your phone.

Many PIN's can be inferred/guessed (especially 4 digit ones).

Thus it seems illogical to equip a phone with a biometric lock then disable it simply by turning the phone off then on again!


DND will automatically bounce the call directly to your voicemail. Why do something manually when you can automate it. Like I said, if the PIN is an issue, then use a complex PIN. 


It is supposed to be 'good' for the phone to switch it off periodically so that it has to reboot, I read somewhere. And why waste charge etc overnight when I won't be using the phone?

I've changed the PIN to a more complex one.

However, it still seems more secure to require both on restart - if for no other reason than the fact that the phone must be in your possession to do that. Unless someone hacked off your finger, but I think that is remote enough as a possibility that we can put it aside....





sir1963
3260 posts

Uber Geek

Subscriber

  #1356481 1-Aug-2015 08:13
Send private message

Geektastic: So... When you power your phone up, it asks for your PIN. You cannot unlock using your fingerprint.

This seems to fly in the face of using your fingerprint which cannot be guessed as opposed to your PIN which can. So why is it done that way?


1. You can use a complex password rather than a pin if you believe security is an issue

2. In the USA, the NSA can push your finger onto the button to unlock the phone, they can not however forced you to enter the pin.

Batman
Mad Scientist
29760 posts

Uber Geek

Trusted
Lifetime subscriber

  #1356504 1-Aug-2015 10:41
Send private message

Geektastic:
lxsw20:
Geektastic:
lxsw20:
Geektastic: Would it not make more sense, security wise, to require that when you turn the phone on (and I turn mine off at 10pm daily until I get up) it asks for the PIN and then, if you have it enabled, it asks for fingerprint as well?


So you're complaint is it takes another step to unlock your iPhone when you first turn it on, but now you want to add yet another step? (Just trying to understand the logic here). If it's just for security, then set a complex PIN. 

Why not have the phone set to go into Do Not Disturb mode at 10pm rather than turn it off?


Why not turn it off? I do not want to be phoned after 10pm so no need for it to be on.

My concern is that - theoretically at least - a fingerprint cannot be copied by the scroat who stole your phone.

Many PIN's can be inferred/guessed (especially 4 digit ones).

Thus it seems illogical to equip a phone with a biometric lock then disable it simply by turning the phone off then on again!


DND will automatically bounce the call directly to your voicemail. Why do something manually when you can automate it. Like I said, if the PIN is an issue, then use a complex PIN. 


It is supposed to be 'good' for the phone to switch it off periodically so that it has to reboot, I read somewhere. And why waste charge etc overnight when I won't be using the phone?

I've changed the PIN to a more complex one.

However, it still seems more secure to require both on restart - if for no other reason than the fact that the phone must be in your possession to do that. Unless someone hacked off your finger, but I think that is remote enough as a possibility that we can put it aside....


And what is the measure of good? So your battery will last 5 years instead of 4.8? So the phone will last 20 years instead of 12? It's like medicating a 90 year old to prevent an eye problem after 14 years.

jnimmo
1097 posts

Uber Geek


  #1356589 1-Aug-2015 12:49
Send private message

With Touch ID disabled, the encryption keys are thrown away each time iOS is locked.
The PIN is required to derive the encryption keys.

With Touch ID enabled, rather than throwing away the keys when the device is locked, they are wrapped in a key which is given to the Touch ID system. Then when you go to unlock the device, if Touch ID recognises the fingerprint it provides the key for unlocking the phone.

The idea of touch ID being you can use a much more complex PIN number than you normally would which is only required occasionally and then use your fingerprint to unlock most of the time.

I would guess that PIN is also required on boot because the fingerprint sensor could be tampered with while the device is turned off; i.e. if you had a photo of someone's fingerprint you could probably swap out the fingerprint scanner and digitally feed that in.

In summary, the PIN is used for deriving data encryption keys. Once that is done on the initial unlock, when you lock the phone a copy of that is given to Touch ID which will allow the device to be unlocked the next time.


Is a great whitepaper on it here, I certainly haven't read it all but really is amazing the way it has all been designed  https://www.apple.com/business/docs/iOS_Security_Guide.pdf


1 | 2 
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright