There are all sorts of reasons fingerprints are not a highly secure authentication mechanism. Just as there are all sorts of reasons passwords and other techniques are imperfect. Password entry can be observed. Chosen passwords are frequently insecure, particularly on smartphones where brevity is so important.
Fingerprints are an excellent mechanism for almost all threat vectors for your average consumer smartphone. Your friends, enemies, and criminals would have to go through enormous, expensive, and clearly unethical efforts to access your phone. Given the convenience and security of this, I'm entirely happy with the security of my thumbprint-encrypted iPhone.
It's important for people who are dissidents or engaging in criminal activity to be aware that their brain is more secure than their fingerprint, although that seems entirely obvious to anyone capable of maintaining a high security lifestyle.
>It's important for people who are dissidents or engaging in criminal activity to be aware that their brain is more secure than their fingerprint, although that seems entirely obvious to anyone capable of maintaining a high security lifestyle.
The problem with the brain is that it forgets. For example, if you have an important piece of information that you encrypt with a long passphrase, you will likely have no problem decrypting it if you do so every day, but if you don't use the passphrase for a few months, you probably won't remember it. However, you probably will remember where you have the passphrase if you write it down and put it somewhere secret where nobody will be able to both find it and know what it's for. IOW, don't hide the paper in your house.
Considering there is no 'active' part (e.g. no known secret), it cannot be used for authorization, only for identification. The 'kids unlock phone with sleeping parent and buy stuff' techniques are a clear proof of this. Fine for identification, do not use for authorization (e.g. using secrets like when you buy stuff).
I'm still fine with this threat vector. The idea is to prevent casual intrusion, not premeditated intrusion. If I put my phone on the dinner table, no one is going to send text messages.