Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 
Mad Scientist
20449 posts

Uber Geek
+1 received by user: 2789

Trusted
Lifetime subscriber

  # 1355419 30-Jul-2015 17:35
Send private message

to prevent madmen from cutting off fingers and thumbs for personal gains?




Swype on iOS is detrimental to accurate typing. Apologies in advance.




12962 posts

Uber Geek
+1 received by user: 4337

Trusted
Lifetime subscriber

  # 1355426 30-Jul-2015 17:55
Send private message

Even Apple are a bit confused:

"Setting up a passcode on your iOS device is an important part of protecting your data. Each time you turn on or wake up your device, it will ask you for your passcode before you can use the device. If your device supports Touch ID, you can use your fingerprint instead of a passcode."

Except you can't...!

Can you make pass codes longer than 4 digits?





 
 
 
 


2270 posts

Uber Geek
+1 received by user: 709

Subscriber

  # 1355435 30-Jul-2015 18:11
Send private message

Geektastic: Even Apple are a bit confused:

"Setting up a passcode on your iOS device is an important part of protecting your data. Each time you turn on or wake up your device, it will ask you for your passcode before you can use the device. If your device supports Touch ID, you can use your fingerprint instead of a passcode."

Except you can't...!

Can you make pass codes longer than 4 digits?


You can, except in a couple of circumstances that would be rare for most people. Yes you can make your PIN longer by turning off simple passcode, in iOS9 it's 6 digits by default. 



12962 posts

Uber Geek
+1 received by user: 4337

Trusted
Lifetime subscriber

  # 1355660 31-Jul-2015 08:12
Send private message

Would it not make more sense, security wise, to require that when you turn the phone on (and I turn mine off at 10pm daily until I get up) it asks for the PIN and then, if you have it enabled, it asks for fingerprint as well?





13984 posts

Uber Geek
+1 received by user: 6756

Trusted
Subscriber

  # 1355665 31-Jul-2015 08:16
Send private message

I wondered this very thing myself with my own iPhone. This thread has explained it well and confirmed what I had assumed.




Mike
Retired IT Manager. 
The views stated in my posts are my personal views and not that of any other organisation.

 

Using empathy takes no energy and can gain so much. Try it.

 

 


2270 posts

Uber Geek
+1 received by user: 709

Subscriber

  # 1355671 31-Jul-2015 08:28
Send private message

Geektastic: Would it not make more sense, security wise, to require that when you turn the phone on (and I turn mine off at 10pm daily until I get up) it asks for the PIN and then, if you have it enabled, it asks for fingerprint as well?


So you're complaint is it takes another step to unlock your iPhone when you first turn it on, but now you want to add yet another step? (Just trying to understand the logic here). If it's just for security, then set a complex PIN. 

Why not have the phone set to go into Do Not Disturb mode at 10pm rather than turn it off?



12962 posts

Uber Geek
+1 received by user: 4337

Trusted
Lifetime subscriber

  # 1355855 31-Jul-2015 11:22
One person supports this post
Send private message

lxsw20:
Geektastic: Would it not make more sense, security wise, to require that when you turn the phone on (and I turn mine off at 10pm daily until I get up) it asks for the PIN and then, if you have it enabled, it asks for fingerprint as well?


So you're complaint is it takes another step to unlock your iPhone when you first turn it on, but now you want to add yet another step? (Just trying to understand the logic here). If it's just for security, then set a complex PIN. 

Why not have the phone set to go into Do Not Disturb mode at 10pm rather than turn it off?


Why not turn it off? I do not want to be phoned after 10pm so no need for it to be on.

My concern is that - theoretically at least - a fingerprint cannot be copied by the scroat who stole your phone.

Many PIN's can be inferred/guessed (especially 4 digit ones).

Thus it seems illogical to equip a phone with a biometric lock then disable it simply by turning the phone off then on again!





 
 
 
 


2694 posts

Uber Geek
+1 received by user: 769


  # 1355937 31-Jul-2015 12:14
Send private message

Geektastic:
lxsw20:
Geektastic: Would it not make more sense, security wise, to require that when you turn the phone on (and I turn mine off at 10pm daily until I get up) it asks for the PIN and then, if you have it enabled, it asks for fingerprint as well?


So you're complaint is it takes another step to unlock your iPhone when you first turn it on, but now you want to add yet another step? (Just trying to understand the logic here). If it's just for security, then set a complex PIN. 

Why not have the phone set to go into Do Not Disturb mode at 10pm rather than turn it off?


Why not turn it off? I do not want to be phoned after 10pm so no need for it to be on.

My concern is that - theoretically at least - a fingerprint cannot be copied by the scroat who stole your phone.

Many PIN's can be inferred/guessed (especially 4 digit ones).

Thus it seems illogical to equip a phone with a biometric lock then disable it simply by turning the phone off then on again!


So you want it to always require the fingerprint scan, as you feel it is more secure than a passcode?

What if the sensor dies?

2694 posts

Uber Geek
+1 received by user: 769


  # 1355947 31-Jul-2015 12:19
Send private message

Kyanar:
Paul1977:
nathan: The secure enclave is encrypted with the device id and with your own pin code, so when you boot up your device, there is no way to use the enclave until you provide the remaining security piece  - the pincode.


That's what i was getting at with my above edit, but never saw this in any official info that I had read. That makes sense, thanks.

But what about when you first purchase an app after a restart? The Secure Enclave is accessible at this point, but it still won't let you use Touch ID until you enter your Apple ID password. Is there a technical reason for this?


That's because at that point, it doesn't have your Apple ID password.  It needs you to provide it so it can verify with Apple that the password is correct (which it does by irreversibly hashing it and sending the hash).  Without the password, it can't generate a hash, therefore preventing you accessing Apple services that require positive identification.  As Apple doesn't have any of the Touch ID data, they cannot use that to verify.


OK, that makes sense. But why generate a new hash after each reboot, why not just store the hash in the Secure Enclave permanently?

2270 posts

Uber Geek
+1 received by user: 709

Subscriber

  # 1355949 31-Jul-2015 12:21
Send private message

Geektastic:
lxsw20:
Geektastic: Would it not make more sense, security wise, to require that when you turn the phone on (and I turn mine off at 10pm daily until I get up) it asks for the PIN and then, if you have it enabled, it asks for fingerprint as well?


So you're complaint is it takes another step to unlock your iPhone when you first turn it on, but now you want to add yet another step? (Just trying to understand the logic here). If it's just for security, then set a complex PIN. 

Why not have the phone set to go into Do Not Disturb mode at 10pm rather than turn it off?


Why not turn it off? I do not want to be phoned after 10pm so no need for it to be on.

My concern is that - theoretically at least - a fingerprint cannot be copied by the scroat who stole your phone.

Many PIN's can be inferred/guessed (especially 4 digit ones).

Thus it seems illogical to equip a phone with a biometric lock then disable it simply by turning the phone off then on again!


DND will automatically bounce the call directly to your voicemail. Why do something manually when you can automate it. Like I said, if the PIN is an issue, then use a complex PIN. 



12962 posts

Uber Geek
+1 received by user: 4337

Trusted
Lifetime subscriber

  # 1356374 31-Jul-2015 22:36
Send private message

lxsw20:
Geektastic:
lxsw20:
Geektastic: Would it not make more sense, security wise, to require that when you turn the phone on (and I turn mine off at 10pm daily until I get up) it asks for the PIN and then, if you have it enabled, it asks for fingerprint as well?


So you're complaint is it takes another step to unlock your iPhone when you first turn it on, but now you want to add yet another step? (Just trying to understand the logic here). If it's just for security, then set a complex PIN. 

Why not have the phone set to go into Do Not Disturb mode at 10pm rather than turn it off?


Why not turn it off? I do not want to be phoned after 10pm so no need for it to be on.

My concern is that - theoretically at least - a fingerprint cannot be copied by the scroat who stole your phone.

Many PIN's can be inferred/guessed (especially 4 digit ones).

Thus it seems illogical to equip a phone with a biometric lock then disable it simply by turning the phone off then on again!


DND will automatically bounce the call directly to your voicemail. Why do something manually when you can automate it. Like I said, if the PIN is an issue, then use a complex PIN. 


It is supposed to be 'good' for the phone to switch it off periodically so that it has to reboot, I read somewhere. And why waste charge etc overnight when I won't be using the phone?

I've changed the PIN to a more complex one.

However, it still seems more secure to require both on restart - if for no other reason than the fact that the phone must be in your possession to do that. Unless someone hacked off your finger, but I think that is remote enough as a possibility that we can put it aside....





905 posts

Ultimate Geek
+1 received by user: 420


  # 1356481 1-Aug-2015 08:13
Send private message

Geektastic: So... When you power your phone up, it asks for your PIN. You cannot unlock using your fingerprint.

This seems to fly in the face of using your fingerprint which cannot be guessed as opposed to your PIN which can. So why is it done that way?


1. You can use a complex password rather than a pin if you believe security is an issue

2. In the USA, the NSA can push your finger onto the button to unlock the phone, they can not however forced you to enter the pin.



Mad Scientist
20449 posts

Uber Geek
+1 received by user: 2789

Trusted
Lifetime subscriber

  # 1356504 1-Aug-2015 10:41
Send private message

Geektastic:
lxsw20:
Geektastic:
lxsw20:
Geektastic: Would it not make more sense, security wise, to require that when you turn the phone on (and I turn mine off at 10pm daily until I get up) it asks for the PIN and then, if you have it enabled, it asks for fingerprint as well?


So you're complaint is it takes another step to unlock your iPhone when you first turn it on, but now you want to add yet another step? (Just trying to understand the logic here). If it's just for security, then set a complex PIN. 

Why not have the phone set to go into Do Not Disturb mode at 10pm rather than turn it off?


Why not turn it off? I do not want to be phoned after 10pm so no need for it to be on.

My concern is that - theoretically at least - a fingerprint cannot be copied by the scroat who stole your phone.

Many PIN's can be inferred/guessed (especially 4 digit ones).

Thus it seems illogical to equip a phone with a biometric lock then disable it simply by turning the phone off then on again!


DND will automatically bounce the call directly to your voicemail. Why do something manually when you can automate it. Like I said, if the PIN is an issue, then use a complex PIN. 


It is supposed to be 'good' for the phone to switch it off periodically so that it has to reboot, I read somewhere. And why waste charge etc overnight when I won't be using the phone?

I've changed the PIN to a more complex one.

However, it still seems more secure to require both on restart - if for no other reason than the fact that the phone must be in your possession to do that. Unless someone hacked off your finger, but I think that is remote enough as a possibility that we can put it aside....


And what is the measure of good? So your battery will last 5 years instead of 4.8? So the phone will last 20 years instead of 12? It's like medicating a 90 year old to prevent an eye problem after 14 years.




Swype on iOS is detrimental to accurate typing. Apologies in advance.


What does this tag do
1014 posts

Uber Geek
+1 received by user: 218

Subscriber

  # 1356589 1-Aug-2015 12:49
Send private message

With Touch ID disabled, the encryption keys are thrown away each time iOS is locked.
The PIN is required to derive the encryption keys.

With Touch ID enabled, rather than throwing away the keys when the device is locked, they are wrapped in a key which is given to the Touch ID system. Then when you go to unlock the device, if Touch ID recognises the fingerprint it provides the key for unlocking the phone.

The idea of touch ID being you can use a much more complex PIN number than you normally would which is only required occasionally and then use your fingerprint to unlock most of the time.

I would guess that PIN is also required on boot because the fingerprint sensor could be tampered with while the device is turned off; i.e. if you had a photo of someone's fingerprint you could probably swap out the fingerprint scanner and digitally feed that in.

In summary, the PIN is used for deriving data encryption keys. Once that is done on the initial unlock, when you lock the phone a copy of that is given to Touch ID which will allow the device to be unlocked the next time.


Is a great whitepaper on it here, I certainly haven't read it all but really is amazing the way it has all been designed  https://www.apple.com/business/docs/iOS_Security_Guide.pdf


1 | 2 
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

New Zealand government unveils new digital service to make business easier
Posted 16-Jul-2019 17:35


Scientists unveil image of quantum entanglement
Posted 13-Jul-2019 06:00


Hackers to be challenged at University of Waikato
Posted 12-Jul-2019 21:34


OPPO Reno Z now available in New Zealand
Posted 12-Jul-2019 21:28


Sony introduces WF-1000XM3 wireless headphones with noise cancellation
Posted 8-Jul-2019 16:56


Xero announces new smarter tools, push into the North American market
Posted 19-Jun-2019 17:20


New report by Unisys shows New Zealanders want action by social platform companies and police to monitor social media sites
Posted 19-Jun-2019 17:09


ASB adds Google Pay option to contactless payments
Posted 19-Jun-2019 17:05


New Zealand PC Market declines on the back of high channel inventory, IDC reports
Posted 18-Jun-2019 17:35


Air New Zealand uses drones to inspect aircraft
Posted 17-Jun-2019 15:39


TCL Electronics launches its first-ever 8K TV
Posted 17-Jun-2019 15:18


E-scooter share scheme launches in Wellington
Posted 17-Jun-2019 12:34


Anyone can broadcast with Kordia Pop Up TV
Posted 13-Jun-2019 10:51


Volvo and Uber present production vehicle ready for self-driving
Posted 13-Jun-2019 10:47


100,000 customers connected to fibre broadband network through Enable
Posted 13-Jun-2019 10:35



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.