Via the Wall Street Journal, an Apple spokesperson fleshes out some of the finer details surrounding the fingerprint sensor and Touch ID. To use Touch ID, it is mandatory to also set up a passcode. This acts as a fallback in case the fingerprint sensor fails temporarily or experiences a permanent hardware fault. iOS may necessitate a passcode under some other conditions, as well.
Only that passcode (not a finger) can unlock the phone if the phone is rebooted or hasn’t been unlocked for 48 hours. This feature is meant to block hackers from stalling for time as they try to find a way to circumvent the fingerprint scanner.
By having the sensitive data expire fairly quickly, Apple is hoping that hackers will not have enough time to decrypt the data and have it still be useful. However, the time is long enough that it should not inconvenience users very often.
Apple says testing has shown that although the sensor is substantially better than fingerprint protection systems found in laptops, it will fail occasionally. In particular, Apple points out that moist fingers (such as sweat or residue from creams and lotions) do not work well with the device. The system may also have difficulty reading fingers that have scarred skin. However, as Touch ID can manage up to five fingerprint profiles at a time, Apple notes that customers can still take advantage of the feature by simply using a different finger for recognition.
In addition, Apple reaffirmed that third-party apps currently do not have access to the scanner or any fingerprint profiles saved on the device. Touch ID can only be used for unlocking the phone and as a password replacement for iTunes purchases.