Using a password manager

[vrdiver]

If you do a web search for 'fingerprint access for phone how secure' I think you will see that it is probably no more secure than any other method.

Likewise the facial recognition that is currently being used, quite easy to bypass.

Ditti voice recognition (which was being used by HSBC).

Essentially, anything that is digitised can be faked; transmissions can be intercepted. I guess the trick is to minimise the impact of any security breach (i.e. use different email IDs and different passwords for accounts you don't want to be "group hacked") and to make hacking as inconvenient as possible by adding layers of security like 2FA, the ability to remotely wipe your phone, encrypting hard disks, obfuscating security information (hiding or masking password database files and burying them within encrypted apps like Truecrypt etc.).

Move on hacker, your time is better spent elsewhere...

VRD

[superFoolish]

If you do a web search for 'fingerprint access for phone how secure' I think you will see that it is probably no more secure than any other method.

There is a lot of misinformation about how easy it is to hack iPhone fingerprint scanners. In theory, it is relatively easy; in practice, not so easy. After 3 failed attempts, it reverts to requiring the PIN.

And, as mentioned previously, any targeted attack is more likely to be successful than a random attack. If someone is stalking me, copying my fingerprints, creating molds, and stealing my phone out of my hand, I have more to worry about than my current account and credit card!

[Infrasonic]

There is a lot of misinformation about how easy it is to hack iPhone fingerprint scanners. In theory, it is relatively easy; in practice, not so easy. After 3 failed attempts, it reverts to requiring the PIN.

Remember when the FBI wanted Apple to provide them with a back door to iPhones and Apple told them to 'go away' and 'we can't do it even if we wanted to because the iPhone is intentionally made that way'?...and then the FBI came back later with 'its OK we found our own way in, thanks'...

That...

[superFoolish]

There is a lot of misinformation about how easy it is to hack iPhone fingerprint scanners. In theory, it is relatively easy; in practice, not so easy. After 3 failed attempts, it reverts to requiring the PIN.

Remember when the FBI wanted Apple to provide them with a back door to iPhones and Apple told them to 'go away' and 'we can't do it even if we wanted to because the iPhone is intentionally made that way'?...and then the FBI came back later with 'its OK we found our own way in, thanks'...

That...

Well, yes; but, as mentioned, if I am being targeted for a hack (as opposed to random / opportunist), then I have more to worry about than my every-day credit card and bank account. I do not factor government intelligence agencies into my personal security arrangements.

We could equate it to home security; virtually no home is burglar-proof, but if I have deadlocks on my doors, locks on my windows, and a burglar alarm, then the opportunist thief is going to rob my neighbour who has a simple barrel lock and leaves her windows open. Someone from a government intelligence agency could probably be in my house with me for a week without me knowing, if they wanted to!

I regularly see friends and colleagues key in their PINs without attempting to obscure the digits, and then later leave their phone unattended. I could pick the phone up and unlock it in an instant. I see people in public, keying in the PINs, and then putting their phone in a bag or coat pocket and, if so inclined, I could take their phone and use it. I can't do that with fingerprint security, even though it may be technically less-secure than a PIN.

I don't think any contributor to this thread is expecting to advise, or be advised, how to avoid targeted breaches, especially by government agencies.

The bottom line is, a phone can definitely be breached with a targeted attack but, for most of us, we just need to be cautious and use a bit of common-sense*; obscure PINs, do not keep a phone where someone can easily take it, use strong passwords, different passwords for each account, etc.

*Not keen on the phrase 'common-sense'; I don't think it really exists.

[UncleEbenezer]

There is a lot of misinformation about how easy it is to hack iPhone fingerprint scanners. In theory, it is relatively easy; in practice, not so easy. After 3 failed attempts, it reverts to requiring the PIN.

Wasn't the iphone designed (if set up for high security) to self-destruct after too many failed attempts?

If I were tasked with trying to get in to a device that was secured against failed attempts, I'd take out the relevant storage and mount it read-only in another device under my own control. No idea if that would help against iphone security (it wouldn't help against encryption beyond giving space to guess a passphrase), but at least it takes away the countdown to oblivion.

Remember when the FBI wanted Apple to provide them with a back door to iPhones and Apple told them to 'go away' and 'we can't do it even if we wanted to because the iPhone is intentionally made that way'?...and then the FBI came back later with 'its OK we found our own way in, thanks'...

That...

The FBI didn't disclose details. And they might of course be bluffing all along.

[Infrasonic]

The FBI didn't disclose details. And they might of course be bluffing all along.

Would have been a bit daft if they had disclosed the details, but yes they may have been bluffing. Let's not forget Apple also have a history of marketing BS wrt to their "innovation" (they ripped the GUI off of Atari, where Jobs worked for a bit...), security/viruses et al, so I wouldn't treat everything they say gospel either...

[mc2fool]

Let's not forget Apple also have a history of marketing BS wrt to their "innovation" (they ripped the GUI off of Atari, where Jobs worked for a bit...)

Uh? Which GUI are you referring to? If it's the Lisa-then-Macintosh interface then that came from Xerox PARC's (Palo Alto Research Centre) mouse operated graphical interface designs, as commercially (albeit not very successfully) implemented in the Xerox Star.