Touch ID Improvements: Apple Hardens iOS Security
The Touch ID fingerprint sensor is one of the hallmark security features of the iPhone which, along with the Secure Enclave, protects your data from prying eyes and authorities while enabling you to use a long and secure passcode or passphrase without having to enter it every time you unlock your device. In addition to existing security features, Apple is now hardening the system by enforcing passcode entry after a set time.
Our colleagues at Macworld discovered how Apple apparently implemented a new Touch ID security policy, which aims to harden iOS security by forcing the user – or anyone in possession of your iOS device – to enter the passcode in certain conditions. If an iPhone has not been unlocked in the past 6 days using the passcode and/or hasn’t been unlocked using the fingerprint in the past 8 hours, manual passcode entry is required.
According to an Apple spokesperson, this security feature had already been in place since the launch of iOS 9, but has only been discovered by the press just now. The earlier set of security rules worked like so: If the iPhone had not been unlocked in the past 48 hours, switched off or rebooted, or five failed Touch ID authentication attempts were registered, your passcode was required to log into the system. More details are available in Apple’s official security guidelines for iOS 9.3 and later. The change to the security policy might have coincided with Apple’s clash with the FBI, but the causality for the change is entirely unknown.