
Opinion: The three things I think Apple needs to do to unlock the full potential of Touch ID


I mused recently about the limited support for 3D Touch, not just from third-party developers but even by Apple itself. That’s not something I consider a huge deal: the novelty appeal of 3D Touch soon wore off for me, and I decided I could happily live without it when switching from the iPhone 6s to the iPhone SE. It was just something that struck me as odd.

But exactly the same issue exists with Touch ID, and that’s something I do think is a big deal.

Passwords are horrible. They were fine way back in the days when we only needed a handful of them, but these days you need a password to do everything from transferring photos from a camera to an iPad through to ordering a pizza. We probably each have hundreds of the darned things.

And passwords are especially horrible on iOS devices – where we have to switch an on-screen keyboard between letters, numbers and symbols multiple times to type a single password. That’s a problem that ought to have been almost completely solved by Touch ID – yet that’s not the case …

Keychain and password managers help with websites (check out our how-to guide if you’re not yet using one), but they are still not a 100% reliable way to log in – and these days it’s often apps, rather than websites, to which we need to log in.

Some apps support Touch ID, of course. I can remember breathing a sigh of relief when my bank did. Instead of having to type random characters from my password and then answer a security question (which I used as an opportunity for a secondary password rather than an actual answer to the question because memorable questions are horrible too), now I just put my thumb on the sensor and I’m in.

But many apps still don’t. Implementing Touch ID in an app isn’t difficult, yet a great many developers haven’t bothered. Indeed, as with 3D Touch, not even Apple has implemented it fully in its own apps.

It’s only in iOS 9.3 that we got secure notes – and with that the ability to use Touch ID to open them. And while iOS 8 introduced the ability to hide photos, there’s no protection of that ‘hidden’ photo album. Indeed, if you did let anyone look through your photos, that album would be the first place anyone would look for any ‘interesting’ ones. That, surely, is the poster child for Touch ID protection in one of Apple’s own apps?

So I think there are three things Apple needs to do to realize the full potential of Touch ID.


First, fully implement Touch ID in its own apps. While Touch ID protects the device as a whole, it’s not unusual for people to allow family and friends to use it – including kids. There may be plenty of sensitive data on an iPhone besides hidden photos.

Find My iPhone is a case in point. If you’re already signed in, anyone using your device could use it to remotely wipe any of your other devices. Anyone have any teenage kids who might think that was amusing? Find My Friends, too – the whereabouts of your family members and friends isn’t something you’d necessarily want available to anyone with access to your phone in general.

Mail is another example. If you have multiple accounts, you may well want to protect access to one or more of them. Same with Messages – if a friend has texted you their bank details to allow you to pay for something you’ve bought from them, you’ll probably want to keep that thread secure.

The Health app, too. Body measurements are something people may wish to keep to themselves. I’m sure there are other examples, but you get the idea.


Second, make it an iTunes review requirement for any third-party app with a login for it to offer Touch ID as an option. Not everyone will choose to use it – you may, for example, use a single app with multiple accounts – but it should always be an option.

Third, go one step better than this: provide system-level app-locking as an iOS feature. In that way, users could choose to use Touch ID to protect any app – Facebook, Twitter, Google Authenticator, you name it. If Apple then passed that login confirmation to the app, the app would also know it was OK to log users in automatically. (Again, you want a setting for this, for apps where people have multiple accounts.)

Implementing these three features would be a win-win for Apple and its customers: increasing the security of the devices, while at the same time making many apps more convenient to use.

Would you like to see Apple implement these features? Please take our poll, and share your thoughts in the comments.

Images: TweakTown; Apple; iDownloadBlog. Thanks to Benjamin, Greg and Zac for contributing to this piece.


Comments

  1. shareef777 - 8 years ago

    Sounds to me like you just need to stop giving your phone to other people to use lol.

    In seriousness, I would think Apple would allow TouchID anywhere that a password prompt would pop up. I find it strange that I can spend $10 on an app with touchID, but have to manually enter my password to leave a review on that app.

    Additionally, many apps that implemented TouchID need to go all in (or at least give the option to). Chase bank for example implemented TouchID to login, but to actually send money or view messages I have to manually enter my password. So essentially the only thing TouchID brought me was to be able to view my balance and line item of stuff I paid/purchased. That doesn’t make sense. Before that TouchID update I could see those details without even logging in (swiping on the login screen of the app). TouchID is SECURE. It’s secure enough to lockdown my entire banking info so they need to go all in on it.

    • nutmac - 8 years ago

      The reality is that if you have a spouse/girlfriend and/or kids, they will use your phone from time to time. Being able to create Touch ID for multiple secondary users, and be able to limit certain apps and data (similar to Restrictions setting) would be very handy.

      • shareef777 - 8 years ago

        Yeah, I was kidding. My 2yo uses my phone more than I do. Though I wouldn’t lock every application down. I’ll just back charge him for anything he buys lol.

    • spiralynth - 8 years ago

      >> TouchID is SECURE. It’s secure enough to lockdown my entire banking info so they need to go all in on it.

      Well, it’s not THAT secure. In one particular way, it’s far less secure than a password locked in your brain.

      As my girlfriend often jokes, sometimes she waits until I fall asleep (and when I sleep, I sleep deep), carefully positions my 6s under my index or middle finger … and bingo, she has access. Fortunately, I don’t really care what she sees because I have nothing to hide from her, but it wouldn’t be too hard for the mugger who knocks you out with an uppercut to do the same.

    • crichton007 - 8 years ago

      There are plenty of places where TouchID makes sense but isn’t used. If I want to redeem a code in iTunes I have to type in my password. If I want to make a purchase after restarting my device I have to type in my password. Some of it doesn’t make sense to me but then again no one from Apple has ever asked me my opinion.

    • Justin (@jay_palm) - 8 years ago

      This a hundred times. The Chase app is so frustrating, and no additional security is added by restricting what you are able to do with Touch ID. When I need to do anything besides view how much money I have or owe, I switch to the settings app and use Touch ID to copy my password so that I can log in. It just complicates the process, honestly to the point that I hardly use the app and just use online.

  2. totencough - 8 years ago

    Yes.

  3. chrisl84 - 8 years ago

    4….bring it to OS X? Either through handoff or Magic mouse or built right into macbooks?

    • Ben Lovejoy - 8 years ago

      Yep, I’m 100% confident that’s on the way.

    • shareef777 - 8 years ago

      I use an app called MacID for that. Right now it’s limited to system password prompts, but I’m hoping it’ll be expanded.

  4. PhilBoogie - 8 years ago

    Apple should also send a TouchID device (yes, a single -albeit small- device) to the Federal Bureau of iPhones. Whenever they feel the need to unlock something, they can give Apple the finger¡

  5. dennyc69 - 8 years ago

    I can see a lot of what you’re asking for coming at WWDC, or you would think so anyways.

  6. Jake Becker - 8 years ago

    Apple and more third-party apps….When PayPal of all companies gets it right and other apps still make you use the zoomed keyboard…ugh

  7. Absolutely positively, yes! A great article once again, Ben.
    One question though: Do you give Apple a link to these feature requests and suggestions through the Feedback form?

  8. Max - 8 years ago

    One thing I would like would be the ability to give different “rights” to different fingerprints. For example, I share my iPad with my boyfriend. I would like for him to be able to unlock the device with TouchID, but not necessarily allow his fingerprint to be used to make iTunes purchases, or access my banking app, etc.

    Well, user accounts for iPad would be a great start to alleviate these problems. And they could easily go the extra mile, and directly login the user in the right account, based on their fingerprint, rather than asking to manually switch between them.

    • Ben Lovejoy - 8 years ago

      Yep, user accounts are the way forward here, I think.

    • michabailey - 8 years ago

      What I’ve wondered is whether or not that’s a possibility. Does the SE give the OS an indication of which fingerprint was sensed? I know the OS doesn’t have access to the fingerprint data itself and it just gets a pass/fail, but I haven’t seen anything that specifies whether or not it’s a generic pass or a specific fingerprint.

      • Max - 8 years ago

        I have no idea what is or isn’t possible with the current TouchID hardware.

        I guess some of these features would be possible to implement, to some extent. While the SE may not be able to give the OS an indication of which fingerprint was sensed, the OS has access to the list of fingerprints (so you can add and remove them etc.).

        For example, let’s say you set a fingerprint (let’s call it “fp_1”) as being the only one usable to make iTunes purchases. When trying to do so, the OS could pass along your fingerprint data, as well as the identifier “fp_1” as a parameter to the SE. Then, the SE would only check against the specified subset of fingerprints, instead of any of them, before giving the “pass” or “fail” result.

        Like I said, I have no idea if any of it is actually doable right now with the current hardware. But as the OS has at least access to some kind of identifier for fingerprints (to be able to manage and remove them, etc.), it doesn’t seem too far-fetched to me.

  9. Jeremy Pilcher - 8 years ago

    APPLE TV! Touch ID not included on the Siri remote is a big miss to me. I would love to use my thumb to open my own profile on the Apple TV. One that doesn’t include all of my wife’s shows in recently watched on Netflix, or all of my children’s shows… I would also like to have my little girl’s thumb on there so that when she opens it, parental settings are clearly set–including a max amount of television time per day.

    • Igor Śródka (@Igorr29) - 8 years ago

      Yes, great idea!

      Now when I want to buy an app on tvOS I just need to connected iPhone to enter my password, otherwise it would be so inconvenient to type all those signs from my password on this funny swipe-y keyboard.

    • taoprophet420 - 8 years ago

      Authenticated Siri on Apple TV would be easier and work better.

  10. Igor Śródka (@Igorr29) - 8 years ago

    I was wondering why Hidden photos are not hidden behind the TouchID from the very beginning.

    Anyone happy to answer that?

    PS Don’t start that I shouldn’t give the phone to anybody because… particular notes can be hidden! :)

    • Scott (@ScooterComputer) - 8 years ago

      Also my contention. It is almost as if Apple holds some kind of prudish opposition towards “bad” pics. Beyond bizarre in the Age of Sexting that it took Apple so long to even IMPLEMENT a “Hidden Photos” album, then didn’t even PASSCODE lock it! I mean…jaw-dropping. But that Notes gets encryption first??
      Completely share your sentiment. Abject “miss” on Apple’s part.

  11. Grayson Mixon - 8 years ago

    I’m all for making Touch ID a requirement. I think Apple needs to be more aggressive in making new features mandatory.

    They should have a one year or so grace period for devs to get things together, and then make all new apps and app updates implement new system wide features where they make sense. For example:
    slide over
    split screen
    touch ID
    healthkit

    And if they wanted to go super aggressive, they could require corresponding apps on:
    iPhone
    iPad (it already stretches iPhone apps, but modifying for the aspect ratio, resolution, and larger keyboard is not overly difficult)
    Apple TV (most of my games, even graphics intensive games, are not on Apple TV yet, even though I would prefer them there instead of my iPad)
    Apple Watch (onStar RemoteLink on the Apple Watch would be killer to replace my car keys)

    Although, that requirement would have to be designed to not become overly burdensome to small developers, who are already struggling to turn a profit with limited resources.

    • xpxp2002 - 8 years ago

      On a side note, I’ve been waiting almost a year for OnStar Remote Link to support Apple Watch. I sincerely hope that it’s coming. Having the car remote unlock or remote start from Watch would be the ultimate car key.

  12. iammrandrews - 8 years ago

    I just wish our fingerprints could be used everywhere. I’d love it if my Magic Mouse and Trackpad could read my fingerprints as I’m navigating login pages and just slip me right into my web apps, sites and services without a single key-press being required.

    But maybe I’m dreaming.

  13. Ray Nothnagel - 8 years ago

    Implementing in their own apps, yes, I agree. I’d actually add more to your list: Safari Private Browsing should require TouchID to access. And Photos should have a private photo album option – someplace TouchID-protected to store your sexts.

    System-level app locking is also a no-brainer.

    However, Apple already exerts a LOT of control over the way third-party apps behave, and it’s very possible for an app developer to have legitimate reason to disallow TouchID-supported login – this can be as strongly recommended as possible, but it should NOT be an App Store requirement.

  14. taoprophet420 - 8 years ago

    For the increased price the Magic accessories should have included Touch ID or Apple could enable it on Macs using Handoff/continuity from your idevice. The 2nd option is probably more secure.

    I think limiting access to photos is the most desirable to me of the ideas you listed.

    I think with the fight with the government over security most of the features you listed will be at least partially implemented in iOS 10.

  15. PMZanetti - 8 years ago

    1000% Yes.

    Touch ID is incredibly useful, and like you I find it insanely frustrating when I switch to an App (Apple’s or otherwise) that doesn’t support it, requiring me to go searching through 1Password and/or iCloud Keychain (aka Safari > Passwords) to find and eventually copy and paste it.

    There are far too many 3rd party Apps not supporting Touch ID, iCloud Keychain, or Extensions (and therefore 1Password). I think HipChat and Screens are the only 3rd party Apps on my devices that allow pulling up the 1Password extension for logging in.

    The answer is as you said: Make it Mandatory. I am a firm supporter of this, maybe even an extreme supporter of this. Touch ID would be the first mandatory requirement I would impose, on any App that requires a Login. Then there is a long list of other OS-level, Apple-created APIs that I would start adding to the Mandatory list.

    The majority of 3rd party App developers have done a *TERRIBLE* job of keeping up with iOS features hand-delivered by Apple as pre-packaged APIs. I think Apple has been too kind and too relaxed on this. They have debuted some awesome features in the last few OS releases, and by leaving it up to developers, the developers have sat on their laurels content not to spend extra time just to add quality and value to their Apps, when there is no promise of immediate return.

  16. melman101 - 8 years ago

    Is anyone here an actual developer? It’s hard to implement authentication systems and more work to implement Touch ID. Requiring it would be a very undue burden on app developers.

  17. John Clinton - 8 years ago

    I use touch id for my Bank of America App. Works great.

    • cdm283813 - 8 years ago

      I use it for Mint but that’s the problem. Not all developers implement the feature.

  18. cdm283813 - 8 years ago

    I use an app called “app lock” on my S7. Allows me to lock down any app with a fingerprint. Dirty shame my iPhone 6S /iOS doesn’t do this. Especially when the scanner on the 6S is slightly better than the S7. The S7 works fine but the scanner on the 6S is a beast.

  19. prffl - 8 years ago

    Great article! Can anyone please explain to me why Apple demands that we enter our passwords when the iPhone re-starts? The point of TouchID is to move away from the easily-snooped upon use of passwords… What kid doesn’t know their parent’s password by now?

  20. rickard2014 - 8 years ago

    I’d like Touch ID to have an iCloud backup to whomever wants to back their fingerprints up. I personally don’t care if the US Government tries to put their hands in my fingerprints, they already have foreign traveler filed anyway.

  21. The big improvement Apple should make, about the privacy/security, is implement a Keychain app like OS X. Obviously with Touch ID to unlock it.

  22. Douglas Brace - 8 years ago

    I wish it would be possible to use a third-party password manager (LastPass) within another app (my banking app) to enter my password. I know that web browsers (at least it is possible in Safari and Google Chrome) have this functionality but I do not believe other apps do as well.

    Right now I have to open LastPass, use TouchID to authenticate into my vault, find the entry, copy the password, go to my other app (which may or may not have already been opened and if it was opened it might have lost its place in the login process), and paste the password. This process also doesn’t take into consideration that my password is still in memory in the clipboard and could be pasted somewhere else.

    Yes, having my bank’s app implement TouchID authentication would be faster and more secure but I already have the login credentials in my password manager.

  23. baussie - 8 years ago

    I am afraid that is a rare situation when users don’t understand the real implications of what they want.

    I am a developer myself. I have added Touch ID in my apps back in iOS 8 when the API was introduced. However, I am convinced that Apple should never make Touch ID a mandatory thing for anyone. If you use an app that lacks Touch ID support and there is a competitor who does – then just make a switch. Competition, people, not restrictions and requirements!

    Next, better support by iOS itself. I agree only to the extent when an Apple ID password dialog is presented. Yes, there always should be a Touch ID option for that.

    However, adding granular system-level Touch ID settings for every app (whether to require Touch ID for launch) is unnecessary. Apps that really require Touch ID at launch should implement it themselves. You don’t want to overwhelm iOS with settings.

    You can’t ask iOS to be “simple to use” and at the same time include settings for every possible scenario.

  24. Smigit - 8 years ago

    I agree on 2 and 3, but not 1. Currently the iPhone’s set up as an individual device and I don’t believe Apple should be complicating the situation by having apps behave differently based on which fingerprint is used on a per an app basis. Instead, people should just be mindful of who has access to their phone. I don’t think adding micromanagement of credentials per an App really enhances the experience and will likely prove to be time consuming and frustrating, particularly as new apps are obtained over time or existing ones change. It also raises questions as to how push notifications would function.

    If they were going to start actually supporting multiple users per a device they should go all in and have multiple device user profiles, with all apps having their own per user data store that is each individually encrypted with the device owner having the ability to delete any account, but others not having that access. Hell if Apple gets their way and SIM cards become virtual, it could possibly even allow multiple numbers to be associated with the device, although I see the whole thing being more advantageous on iPads than iPhones.

  25. champsee - 8 years ago

    Contrary to popular opinion, Touch ID is less secure than using passwords. Remember that all one needs to do to add their fingerprint to a phone is to have the 4 or 6 digit passcode to get into your phone. If a bank asks you to create a secure password (i.e. More than 8 characters including a number, capital letter, etc.), allowing TouchID means that your bank information can suddenly be accessed by guessing a 4 digit code.

    That said, TouchID would be useful as a secondary means of authentication for apps that don’t require to enter a password every time you use it. For instance, typically you can just tap on the Mail app and get into that person’s email. They could add TouchID as an extra measure to stop someone who has your phone. Though that said, iOS forces you to require you re-enter your passcode/fingerprint after a couple of minutes of inactivity in order to use TouchID, so that scenario would be of limited usefulness.

    • Ben Lovejoy - 8 years ago

      Only if you use a weak passcode.

    • Smigit - 8 years ago

      Touch ID isn’t foolproof security, but it aims to strike a better balance between convenience and security than PINs or complex passwords may do. Prior to Touch ID, most iPhones probably didn’t use a PIN because it was a hassle for the user. Complex passwords are better than 4 digit PINs in isolation, but they are also bad if they are implemented in a way that discourages users from enabling security features. I’d argue that while Touch ID and a PIN isn’t as secure as a complex password, they do foster a more secure environment overall due to the convenience factor being magnitudes better.

      As for banks…they still support 4 digit numeric PINs for ATM transactions and the like. Also related to the banks but arguably payments made via an iPhone are two factor and thus not that bad given you need access to the phone AND you need to know the PIN or have the fingerprint. Having the PIN alone won’t help. The phone also has measures built in both to disable its ability to be used as a payment device and to locate it if it is lost, which helps add some security countermeasures and ones that wouldn’t reside on a traditional credit card.

    • baussie - 8 years ago

      >If a bank asks you to create a secure password (i.e. More than 8 characters including a number, capital letter, etc.), allowing TouchID means that your bank information can suddenly be accessed by guessing a 4 digit code.

      Not really, passcode has no relation to that. In case of a banking app, Touch ID is used to decrypt the secure password that was previously created by a user (the one that has numbers, capital letters, etc.). Once decrypted with Touch ID, it is provided back to the app for authentication.

      Besides, adding Touch ID for authentication in an app does not necessarily mean that passcode can be used instead. It is up to a developer whether to allow passcode authentication alongside with Touch ID.
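
The mechanism described in the reply above (the full password sits in the Keychain and Touch ID gates its release, with the developer deciding whether the device passcode may stand in) looks like this in Swift. This is an added example, not code from any commenter or from any app named in the thread; the service and account names are hypothetical, and the flag names are those of the iOS 9 SDK.

```swift
import Foundation
import Security

// Hypothetical identifiers, used only for this example.
let service = "com.example.bank"
let account = "demo-user"

enum KeychainError: Error {
    case accessControl
    case status(OSStatus)
}

/// Store the app password so that reading it back requires user authentication.
/// allowPasscodeFallback == true  -> .userPresence: Touch ID, or the device passcode.
/// allowPasscodeFallback == false -> .touchIDCurrentSet: Touch ID only, and the item is
///   invalidated if fingerprints are added or removed, so a fingerprint enrolled later
///   by someone who knows the passcode cannot release the stored password.
/// (Newer SDKs name this flag .biometryCurrentSet.)
func storePassword(_ password: String, allowPasscodeFallback: Bool) throws {
    let flags: SecAccessControlCreateFlags =
        allowPasscodeFallback ? .userPresence : .touchIDCurrentSet

    var cfError: Unmanaged<CFError>?
    guard let acl = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly, // never leaves this device
        flags,
        &cfError
    ) else {
        throw KeychainError.accessControl
    }

    let base: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
    ]
    SecItemDelete(base as CFDictionary) // replace any earlier item

    var add = base
    add[kSecAttrAccessControl as String] = acl
    add[kSecValueData as String] = Data(password.utf8)

    let status = SecItemAdd(add as CFDictionary, nil)
    guard status == errSecSuccess else { throw KeychainError.status(status) }
}

/// Ask the system to release the stored password. iOS shows the Touch ID sheet itself;
/// the app only ever sees the password or an error, never fingerprint data.
func readPassword(prompt: String) throws -> String? {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
        kSecUseOperationPrompt as String: prompt,
    ]

    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    switch status {
    case errSecSuccess:
        guard let data = result as? Data else { return nil }
        return String(data: data, encoding: .utf8)
    case errSecItemNotFound:
        return nil // nothing usable stored: ask for the full password again
    default:
        throw KeychainError.status(status) // includes cancel and failed authentication
    }
}
```

An app that stores with `allowPasscodeFallback: false` has to be ready to ask for the full password again whenever `readPassword` returns `nil`.
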

  26. Pablo Ledesma - 8 years ago

    I have been with this idea for around a month or two, don’t know if anyone thinks like me, here it is: 2 months ago my gf’s iPad was stolen, it was obviously protected with passcode and Touch ID, the thing here is that even if the device is blocked with the passcode, it can be turned off, and that really pissed me off since, from that moment the iPad was never found on Find My iPhone app, so I don’t know if it is possible, but it will be a nice touch that you can’t turn off the device when it is locked, giving you plenty of time (depending on your battery life at the moment it is stolen) to search for your device and call the police, I think if this is possible, thieves would think twice before stealing a device.

  27. Pablo Ledesma - 8 years ago

    In a total off topic, I’d like to share an idea I’ve been wondering about for a month or so, my girlfriend’s iPhone was stolen two months ago, it was obviously locked, the thing here is that, even with the device locked it can be turned off, which I think is a flaw, since anyone who steals your phone can turn it off and of course it can’t be tracked from Find My iPhone, what I’m suggesting is that, if it is possible, in order to turn off your phone or put it on airplane mode, you need to unlock it first, so the next time any device is stolen it can’t be turned off and obviously can be traced, giving you time to call the police and retrieve your device.

  28. I prefer shutdown and airplane mode being ID protected

  29. cjt3007 - 8 years ago

    Why would someone ever need to text you their bank details for buying something? There are plenty of ways to send cash that are more secure and easy to do on an iPhone… like send money via paypal, Facebook, and numerous other methods. These exist precisely so you don’t have to worry about who has access to the phone or computer you send your bank account and routing numbers.

Author

Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

