So...
According to Apple, my fingerprint is acceptable proof of my identity. With my fingerprint and Apple Pay, I can purchase thousands of dollars worth of merchandise at a wide variety of stores. Apple Pay's entire existence is predicated on the concept of my fingerprint being secure, immutable, infallible validation of somebody who is authorized to make charges to my credit card.
And yet...
If I have to restart my phone, suddenly my fingerprint isn't good enough to make a $2.99 purchase from Apple's own App Store?
In all seriousness here, Apple... go fuck yourself.
This stupid shit has got to stop.
By continuously asking people for their damn password for no good reason, you encourage people to choose easy to remember, easy to type, easy to hack passwords. You force people to ignore good security practices. And when people have their accounts hacked and their personal, private photos "leaked" onto the internet... you have the balls to say it's not your fault... that people need to choose stronger passwords... which you make entirely too difficult for them to do.
If my fingerprint is good enough to buy $1000 worth of shit at Foot Locker, it's damn well good enough for me to buy a three-dollar app in your own app store... even after restarting my frickin' phone.
Or is there something inherently risky about fingerprint security that you're needing to tell us now that Apple Pay has launched?
I love comments! However, all comments are moderated, and won't appear until approved. Are you an abusive troll with nothing to contribute? Don't bother. Selling something? Don't bother. Spam linking? Don't bother.
PLEASE NOTE: My comment-spam protection requires JavaScript... if you have it turned off or are using a mobile device without JavaScript, commenting won't work. Sorry.
Atom Entries Feed Comments Feed
Perhaps the fingerprint security chip is protected by a token that must be regenerated after restart and is keyed to your AppleID. Or something like that. Thinking about it further, perhaps it’s the other way around: to allow the security chip access to your AppleID may require unlocking it after reset. This makes more sense as it would apply separately for your unlock code. Yes, I bet it’s something close to that.
I had no problem purchasing a package of Post-It Notes at Walgreen’s via Apple Pay earlier in the day… AFTER my restart, which was last night.
And, come to think of it, I must have used TouchID to unlock my phone dozens of times after the restart. It’s only when I went to purchase a $2.99 app from Apple’s App Store that the phone gave a crap that I had restarted it. This is even more bizarre than I had first thought!
Yeah, I don’t know that there’s a good answer. Perhaps the iTunes Store has a separate token from Pay as well, since it supports TouchID without Pay. Or did you switch to Pay already for iTunes Store?
Given Apple’s history of no clear logic for when you get prompted for your password, it could certainly just be more of the same as you’ve assumed at the beginning. I guess I’m still willing to extend the benefit of the doubt for dealing with the enhanced security of how TouchID (and Pay) work.
Preach.
I don’t know what’s going on with Apple lately. I don’t know if I have high expectations or if I’ve lost my mind or what, but the latest iteration of iOS 8 and OS X are both wicked buggy. The security is very random. Having to enter my password to install a FREE app from the app store in mind boggling enough, but as you noticed, to have to enter your password to get Touch ID to work is just insane.
I’m sensing a dysfunction inside Apple as a company. I wonder how they’d like it if we asked them to move into their new spaceship building without it being complete, or to have to enter a passcode to get out of the bathroom or something.