I think of fingerprint scanners on personal devices as a novelty feature. They don’t provide much security, because anyone who wants to get into the device can. They are like simple key and lock mechanisms which can be easily picked and only protect you from the generally lawful sort of person who won’t go to much effort to break into your stuff.
One thing that people in the US – or travelling into the US – should know is that even though you can’t be forced to hand over a password there, you CAN be forced to hand over your fingerprint to open a device. Your password falls under the 5th amendment right to not incriminate yourself, but your fingerprint (or really, any biometrics) do not.
NYPD has made the statement that fingerprint protection will help make your phone less likely to be stolen because it will make your phone worthless to thieves. I doubt that a fingerprint is going to give you any more protection than a pin or a pattern to unlock your phone. Yes, there are more patterns to try to match if you want to fuzz or brute force the lock, but there have been other ways shown to break into locked phones and bypass PINs already. (See Hak5 for several examples of hacks of locked phones.) I think that it’s just a matter of time before we see some non-fingerprint matching hacks for the new iPhone fingerprint lock as well.
The question, then, is who are you protecting your phone against? Your kids? Your coworkers? OK, this’ll do the trick. Thieves? This might be sufficient right now, but in a few weeks they’ll have a workaround if they don’t already. Authorities? You are much better off sticking to your PIN, at least in the US. In the UK, and I’m sure in other places as well, neither your PIN nor your fingerprint is going to keep you from opening that phone for them. And if they authorities REALLY want in, they’ll find a way.
