How secure is fingerprint ID on the Iphone and also for App ID access such as Vanguard?

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
User avatar
Topic Author
Sandtrap
Posts: 19590
Joined: Sat Nov 26, 2016 5:32 pm
Location: Hawaii No Ka Oi - white sandy beaches, N. Arizona 1 mile high.

How secure is fingerprint ID on the Iphone and also for App ID access such as Vanguard?

Post by Sandtrap »

I have an Iphone 7 plus.
It has fingerprint ID for access.
I also have the apps for Vanguard, Schwab, etc, etc. that have fingerprint ID access instead of typing in the passwords.

How secure is this?

Should I disable the fingerprint access on the apps and use manual password entry?
Should I not use the Iphone for access to the brokerages and banks and use my MacbookPro instead?
My MacBook Pro (newest) also has fingerprint access and authentication. Is this any more secure than the Iphone?

Should I enable 2 factor authentication or other? on all accounts where possible?
(not sure if this is worded right)

I am very "old school" so this technology is overwhelming.
worried :shock:
j
Wiki Bogleheads Wiki: Everything You Need to Know
PFInterest
Posts: 2684
Joined: Sun Jan 08, 2017 11:25 am

Re: How secure is fingerprint ID on the Iphone and also for App ID access such as Vanguard?

Post by PFInterest »

yes 2fa for everything.
touchID is fine. technically can be tricked but so can everything.
no both touchID are the same.
keep all apps and software UTD and cont safe practices and move on.
User avatar
N1CKV
Posts: 864
Joined: Wed Mar 21, 2012 8:18 am

Re: How secure is fingerprint ID on the Iphone and also for App ID access such as Vanguard?

Post by N1CKV »

How secure is secure enough?
I mean.... they could chop your finger off and gain access without your cooperation. If it was password only they would have to crack the password or torture you until you gave up the password, so if you are really that worried: How much torture can you withstand?
User avatar
jhfenton
Posts: 4754
Joined: Sat Feb 07, 2015 10:17 am
Location: Ohio

Re: How secure is fingerprint ID on the Iphone and also for App ID access such as Vanguard?

Post by jhfenton »

TouchID is quite secure.

At least with the Vanguard iOS app, TouchID can only be used to view your account information. If you try to trade or transfer you then have to enter your password. That strikes a nice balance of convenience and security.

The TD Ameritrade app allows you to set three levels of access to grant via TouchID: Login, Trade, Cash Movement. I don't allow cash movement via TouchID.
BW1985
Posts: 2079
Joined: Tue Mar 23, 2010 6:12 pm

Re: How secure is fingerprint ID on the Iphone and also for App ID access such as Vanguard?

Post by BW1985 »

jhfenton wrote: Thu Oct 19, 2017 1:13 pm TouchID is quite secure.

At least with the Vanguard iOS app, TouchID can only be used to view your account information. If you try to trade or transfer you then have to enter your password. That strikes a nice balance of convenience and security.
+1. I just found that out the other day. It's perfect.
Chase the good life my whole life long, look back on my life and my life gone...where did I go wrong?
Katietsu
Posts: 7676
Joined: Sun Sep 22, 2013 1:48 am

Re: How secure is fingerprint ID on the Iphone and also for App ID access such as Vanguard?

Post by Katietsu »

I have tried to do a lot of reading on the safety of the various online ways to access one's financial accounts. I know I have seen many here post that they would not use their phone. I feel differently and have found at least some experts that agree.

To me, the main benefit of the iphone is that programs/apps can only be downloaded from the App Store. Is it possible that Apple could make a mistake and allow malware to get through? Yes. But so much less likely than picking up malware from whatever site on a PC or MAC. Secondly, the app has been provided by the institution. If there is a problem with its security, there is no question who is at fault. I have also heard mention that iOS was developed after the security threats were better recognized and therefore was designed from the beginning with this in mind.

I would, however, recommend that you do not use the phone on public wifi for financial transactions. And that you only use a phone that can run the most recent iOS.
Last edited by Katietsu on Thu Oct 19, 2017 4:18 pm, edited 1 time in total.
User avatar
Topic Author
Sandtrap
Posts: 19590
Joined: Sat Nov 26, 2016 5:32 pm
Location: Hawaii No Ka Oi - white sandy beaches, N. Arizona 1 mile high.

Re: How secure is fingerprint ID on the Iphone and also for App ID access such as Vanguard?

Post by Sandtrap »

Katietsu wrote: Thu Oct 19, 2017 3:34 pm I have tried to do a lot of reading on the safety of the various online ways to access one's financial accounts. I know I have seen many here post that they would not use their phone. I feel differently and have found at least some experts that agree.

To me, the main benefit of the iphone is that programs/apps can only be downloaded from the App Store. Is it possible that Apple could make a mistake and allow malware to get through? Yes. But so much less likely than picking up malware from whatever site on a PC or MAC. Secondly, the app has been provided by the institution. If there is a problem with its security, there is no question who is at fault. I have also heard mention that iOS was developed after the security threats were better recognized and therefore was designed from the beginning with this in mind.

I would, however, recommend that you do not use the phone on public wifi. And that you only use a phone that can run the most recent iOS.
Public wifi would mean, airport, starbucks, etc, etc. Right?
Wiki Bogleheads Wiki: Everything You Need to Know
Katietsu
Posts: 7676
Joined: Sun Sep 22, 2013 1:48 am

Re: How secure is fingerprint ID on the Iphone and also for App ID access such as Vanguard?

Post by Katietsu »

Sandtrap wrote: Thu Oct 19, 2017 3:38 pm
Katietsu wrote: Thu Oct 19, 2017 3:34 pm I have tried to do a lot of reading on the safety of the various online ways to access one's financial accounts. I know I have seen many here post that they would not use their phone. I feel differently and have found at least some experts that agree.

To me, the main benefit of the iphone is that programs/apps can only be downloaded from the App Store. Is it possible that Apple could make a mistake and allow malware to get through? Yes. But so much less likely than picking up malware from whatever site on a PC or MAC. Secondly, the app has been provided by the institution. If there is a problem with its security, there is no question who is at fault. I have also heard mention that iOS was developed after the security threats were better recognized and therefore was designed from the beginning with this in mind.

I would, however, recommend that you do not use the phone on public wifi. And that you only use a phone that can run the most recent iOS.
Public wifi would mean, airport, starbucks, etc, etc. Right?
Let me clarify. I do not mean to never use public wifi with a phone. I mean that I will not do financial transactions or other sensitive actions on most wifi. I restrict these activities mostly to my home wifi. I only say mostly because I also trust using the wifi at select other locations where I am sure of the security and have confidence in the limited number of people with access.
TravelGeek
Posts: 4902
Joined: Sat Oct 25, 2014 3:23 pm

Re: How secure is fingerprint ID on the Iphone and also for App ID access such as Vanguard?

Post by TravelGeek »

N1CKV wrote: Thu Oct 19, 2017 11:58 am How secure is secure enough?
I mean.... they could chop your finger off and gain access without your cooperation. If it was password only they would have to crack the password or torture you until you gave up the password, so if you are really that worried: How much torture can you withstand?
Oh, you just have to show me that sharp knife of yours and i’ll happily unlock the app, whether with my finger or with the password ;)

If I didn’t use the touchID and Android equivalent, I would likely use weaker passwords to make access on mobile devices less painful and error prone. Passwords (or at least their hashes) can be retrieved without access to me or my device, and en bulk (so likely more ROI for the thieves). So in short, I use a strong password and touchID.
azurekep
Posts: 1179
Joined: Tue Jun 16, 2015 7:16 pm

Re: How secure is fingerprint ID on the Iphone and also for App ID access such as Vanguard?

Post by azurekep »

Katietsu wrote: Thu Oct 19, 2017 3:34 pm I have tried to do a lot of reading on the safety of the various online ways to access one's financial accounts. I know I have seen many here post that they would not use their phone. I feel differently and have found at least some experts that agree.
I was a bit surprised to hear that, but then again, it's usually privacy issues, not security issues, one hears about with smart phones.

I did check out a few links and saw pros and cons on either side

One thing that stood out though was this:
Insecure banking apps

Banking apps ought to be more secure than browsers, but it ain’t necessarily so. In 2014, Ariel Sanchez tested 40 home banking apps and found that 90% included insecure links (ones that didn’t use SSL), 40% didn’t check the validity of SSL certificates, 50% were vulnerable to cross-site scripting, and 40% were vulnerable to man in the middle attacks.

In a typical hack, the user might get a message to say that their session or password had expired and they needed to retype their user name and password. (Don’t.)

Today’s banking apps should be much more secure, but I wouldn’t bet on it.
https://www.theguardian.com/technology/ ... or-banking
User avatar
Topic Author
Sandtrap
Posts: 19590
Joined: Sat Nov 26, 2016 5:32 pm
Location: Hawaii No Ka Oi - white sandy beaches, N. Arizona 1 mile high.

Re: How secure is fingerprint ID on the Iphone and also for App ID access such as Vanguard?

Post by Sandtrap »

azurekep wrote: Thu Oct 19, 2017 9:42 pm
Katietsu wrote: Thu Oct 19, 2017 3:34 pm I have tried to do a lot of reading on the safety of the various online ways to access one's financial accounts. I know I have seen many here post that they would not use their phone. I feel differently and have found at least some experts that agree.
I was a bit surprised to hear that, but then again, it's usually privacy issues, not security issues, one hears about with smart phones.

I did check out a few links and saw pros and cons on either side

One thing that stood out though was this:
Insecure banking apps

Banking apps ought to be more secure than browsers, but it ain’t necessarily so. In 2014, Ariel Sanchez tested 40 home banking apps and found that 90% included insecure links (ones that didn’t use SSL), 40% didn’t check the validity of SSL certificates, 50% were vulnerable to cross-site scripting, and 40% were vulnerable to man in the middle attacks.

In a typical hack, the user might get a message to say that their session or password had expired and they needed to retype their user name and password. (Don’t.)

Today’s banking apps should be much more secure, but I wouldn’t bet on it.
https://www.theguardian.com/technology/ ... or-banking
This is spooky. :shock:
j
Wiki Bogleheads Wiki: Everything You Need to Know
User avatar
oncorhynchus
Posts: 196
Joined: Fri May 23, 2014 2:30 pm

Re: How secure is fingerprint ID on the Iphone and also for App ID access such as Vanguard?

Post by oncorhynchus »

Without endorsing illegal activity, another thing to consider is that passwords and fingerprints are treated differently under the 4th & 5th Amendments to the US Constitution.

Specifically, you cannot be compelled to reveal a password, but can be compelled to unlock/decrypt your device with a fingerprint.

o
-- Give a man a fish and you feed him for a day; teach a man to fish and you feed him for a lifetime. --
User avatar
Topic Author
Sandtrap
Posts: 19590
Joined: Sat Nov 26, 2016 5:32 pm
Location: Hawaii No Ka Oi - white sandy beaches, N. Arizona 1 mile high.

Re: How secure is fingerprint ID on the Iphone and also for App ID access such as Vanguard?

Post by Sandtrap »

oncorhynchus wrote: Fri Oct 20, 2017 12:50 am Without endorsing illegal activity, another thing to consider is that passwords and fingerprints are treated differently under the 4th & 5th Amendments to the US Constitution.

Specifically, you cannot be compelled to reveal a password, but can be compelled to unlock/decrypt your device with a fingerprint.

o
That is interesting. I shows how far Phones have evolved. I can't imagine anyone compelling another to unlock a "flip phone".
Actionably. . perhaps it's better to password protect phone access then fingerprint access the Apps.
Wiki Bogleheads Wiki: Everything You Need to Know
wrongfunds
Posts: 3187
Joined: Tue Dec 21, 2010 2:55 pm

Re: How secure is fingerprint ID on the Iphone and also for App ID access such as Vanguard?

Post by wrongfunds »

perhaps it's better to password protect phone access then fingerprint access the Apps.
As far as I know, then the phone can not read your wet fingers, it asks you for your password. Thus password is the fallback mechanism.
User avatar
abuss368
Posts: 27850
Joined: Mon Aug 03, 2009 2:33 pm
Location: Where the water is warm, the drinks are cold, and I don't know the names of the players!
Contact:

Re: How secure is fingerprint ID on the Iphone and also for App ID access such as Vanguard?

Post by abuss368 »

N1CKV wrote: Thu Oct 19, 2017 11:58 am How secure is secure enough?
I mean.... they could chop your finger off and gain access without your cooperation. If it was password only they would have to crack the password or torture you until you gave up the password, so if you are really that worried: How much torture can you withstand?
Priceless! It made be think of some movies!
John C. Bogle: “Simplicity is the master key to financial success."
Post Reply