Apple's TouchID and the NSA
I can't help but be skeptical about Apple's reasons for introducing fingerprint recognition on the new iPhones. Given that Apple is a market leader and, to a great extent, one that other manufacturers slavishly follow, I find the fact that it's been fairly easily circumvented pretty concerning:
The biometrics hacking team of the Chaos Computer Club (CCC) has successfully bypassed the biometric security of Apple's TouchID using easy everyday means. A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID. This demonstrates – again – that fingerprint biometrics is unsuitable as access control method and should be avoided.
The default for previous iPhones has been a four-digit passcode. This has 10^4 possible combinations (i.e. you've got a 1 in 10,000 chance of just guessing it). But Apple's TouchID system is only five times more secure:
Every fingerprint is unique, so it is rare that even a small section of two separate fingerprints are alike enough to register as a match for Touch ID. The probability of this happening is 1 in 50,000 for one enrolled finger. This is much better than the 1 in 10,000 odds of guessing a typical 4-digit passcode. Although some passcodes, like "1234", may be more easily guessed, there is no such thing as an easily guessable fingerprint pattern. Instead, the 1 in 50,000 probability means it requires trying up to 50,000 different fingerprints until potentially finding a random match. But Touch ID only allows five unsuccessful fingerprint match attempts before you must enter your passcode, and you cannot proceed until doing so.
Why not just force everyone to use six-digit passcodes (upping it to 10^6 or 1 in 1,000,000) and give people three attempts?
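The figures above, worked through per lockout window, as an added example (not from the original post or from Apple). It assumes uniformly random passcodes and independent fingerprint attempts; the five-enrolled-fingers row and the function names are constructed for illustration.

```python
from fractions import Fraction

def passcode_success(digits: int, attempts: int) -> Fraction:
    """Chance of hitting a uniformly random numeric passcode within
    `attempts` distinct guesses (wrong guesses are never repeated)."""
    space = 10 ** digits
    return Fraction(min(attempts, space), space)

def biometric_success(false_match: Fraction, attempts: int,
                      enrolled: int = 1) -> Fraction:
    """Chance that at least one random fingerprint falsely matches.
    Assumption: every attempt against every enrolled finger is an
    independent trial with the same false-match probability."""
    return 1 - (1 - false_match) ** (attempts * enrolled)

def one_in(p: Fraction) -> float:
    """Express a probability as '1 in N'."""
    return float(1 / p)

def compare() -> dict:
    """Success chance before lockout for the policies in the post."""
    touch_id = Fraction(1, 50_000)  # Apple's quoted figure, one finger
    return {
        "4-digit passcode, single guess": passcode_success(4, 1),
        "Touch ID, 5 attempts, 1 finger": biometric_success(touch_id, 5),
        # Constructed case: five enrolled fingers (assumption above).
        "Touch ID, 5 attempts, 5 fingers": biometric_success(touch_id, 5, 5),
        "6-digit passcode, 3 attempts": passcode_success(6, 3),
    }

if __name__ == "__main__":
    for policy, p in compare().items():
        print(f"{policy:34s} 1 in {one_in(p):>12,.0f}")
```

Within the five-attempt window, Touch ID with one enrolled finger comes out at roughly 1 in 10,000, the same as a single guess at a four-digit passcode, while a six-digit passcode with three attempts is about 1 in 333,333.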
I suspect - but can't prove - that Apple is working with the NSA. Check out this Wired article on the way that fingerprint recognition could circumvent the Fifth Amendment:
[T]he constitutional protection of the Fifth Amendment, which guarantees that “no person shall be compelled in any criminal case to be a witness against himself,” may not apply when it comes to biometric-based fingerprints (things that reflect who we are) as opposed to memory-based passwords and PINs (things we need to know and remember).
Added to this, the new version of OS X ('Mavericks') features iCloud Keychain. So while Apple can promise that they don't upload your biometric details to 'the cloud', it may be that you choose to do so:
Remembering your passwords can be a real pain. But now iCloud Keychain remembers them for you. It stores your website user names and passwords on the devices you’ve approved, protects them with robust 256-bit AES encryption, and keeps them up to date on each device. And it automatically fills them in whenever and wherever you need them. The new Password Generator suggests unique, hard-to-guess passwords for your online accounts. iCloud Keychain works with credit card information too, so checking out is a snap. Juggling passwords has never been so simple. Because now you don’t have to.
I may just be wearing my tinfoil hat, but I bet you the NSA can crack 256-bit AES encryption. I bet you.