UPDATED 11:37 EDT / OCTOBER 29 2015

Why Touch ID shouldn’t be your only iPhone protection

Back in 2013 when Apple introduced the iPhone 5s, fans and even the media went gaga over the new feature called Touch ID. The purpose of Touch ID is to make it easier to unlock your device with just your fingerprint, and also to unlock apps and even authorize payments.

There was even talk that Touch ID would be the end of passwords, thanks to its use of the more secure biometrics technology, but just two days after the 5s was released, hackers managed to breach Touch ID’s security.

Even now, Touch ID is still flawed, though its vulnerability may be largely attributed to the mobile operating system. Still, if you rely on just Touch ID to keep your phone and your accounts secured, you may find yourself facing an empty bank account.

Earlier this year, two U.K. banks, RBS and NatWest, announced that they will be introducing support for Touch ID in their respective mobile banking apps. While it’s undoubtedly convenient to access bank accounts with just the touch of a finger, security experts aren’t too sure that this is a good idea. Richard Walters, General Manager and Vice President of Identity and Access Management (IAM) at Intermedia, explains why.

Walters states that “Using Touch ID as the only means of authenticating to sensitive apps, such as banking applications, is a perfect example of convenience taken too far.”

When Touch ID was introduced, Apple made it clear that the feature won’t be used to get more information from its users or be able to tie a fingerprint scan to a name. Though this may sound good on paper, as Apple won’t use the scans to create its own database of users complete with names and fingerprints, it also means that you can’t set individual user profiles on a device with Touch ID.

Some people, despite having Touch ID active, have no problem sharing their devices with others, and to some extent, even allow them to scan their fingerprint so they can easily unlock the device. This may be typical in households with parents who share their iPhones with their kids or teenagers. The problem is, since there are no user profiles, anyone with their fingerprint enrolled can also authenticate to apps and even authorize payments using Touch ID.

“Since iOS 9 doesn’t support individual user profiles, there is no concept of a Touch ID fingerprint belonging to an individual user,” Walters explains. “Any fingerprint enrolled can be used to authenticate to an application that uses Touch ID. There is no guarantee that the fingerprint belongs to the authorized user – just that it is stored on that device.”

Because Touch ID offers no way to create user profiles, Walters does not recommend it as the only security feature in enterprise settings or in instances where sensitive information is at play.

“Lacking a personalized and highly secure process for identity and access management can lead to unauthorized use of any iPhone device, and changing the passcode is no longer enough to make that device your own. You need to delete all of the stored fingerprints as well,” Walters concluded.

So what can you do to improve your iPhone’s security beyond Touch ID?

Toughen up your iPhone’s security

6-digit passcode

Before iOS 9, users could set a four-digit passcode to lock their iPhone. With the updated OS, you now have the option to choose between a four- and six-digit passcode.

To do this, go to the Settings app > Touch ID & Passcode and enter your PIN code if you have an existing one in place, then tap Change Passcode. Above the number pad used to change your passcode, you will see Passcode Options; tap this and switch to the six-digit passcode. Enter your current passcode, then enter your new six-digit passcode twice.

Alphanumeric

If you want a tougher password, you can also choose to have an alphanumeric password protecting your device. To set this, under Passcode Options you will see Custom Alphanumeric Code or Custom Numeric Code. Select the Custom Alphanumeric Code to set a new password that can contain lower and upper case letters, numbers and even special characters such as @, #, &.

Turn off lock screen notifications

This step may be a bit too extreme for some, but if you really don’t want anyone to have any idea what you are up to, disabling this will prevent them from getting a glimpse of your messages, emails, what apps you are using and so on. To turn this off, go to Settings > Touch ID & Passcode, then toggle ‘Allow access when locked’ to off.
