Turns out, all of you who were scared about your fingers being stolen along with your new iPhone can rest assured. Severed fingers won’t work.
I never quite understood that concern anyway. Thieves probably don’t want your phone for their own use, and they probably don’t want your contact list either. Your credit cards are hopefully not cached, though your account on Newegg could be set to remember your login. But if they really wanted that, then a background trojan passively watching your text entries would be a better bet IMO, meaning they’d want you to keep the phone.
What phone thieves most likely want to do is sell your phone for money, as replacement parts if necessary. And what kind of goofy black market would sell a brand “new” iPhone with some bloody ‘access dongle’ and a nine-fingered discount? More likely, thieves would already have a way to reset your phone to factory-new so they could wipe it clean and get top dollar.
What about the concern with the government getting your fingerprints? Apple says it doesn’t send or store the actual fingerprint image, but rather just a one-way hash of that data. Good. That only means the government could use your phone like they can today: to record where you go, what you buy, and even potentially what you say in its presence. In this case, they’d at best only have added confidence that it was really you dragging your phone to every strip club in Vegas vs. some other schmuck who “borrowed” it.
The only real concern I have is that of digitally forged fingerprint keys, though I’m sure someone will quickly find a way to spoof you physically, given a latex mold of your finger and some other electronics (that’s probably too much work to be practical).
The key is that the more we rely on a single point of access to validate ourselves, the more someone will try to spoof, copy, or bypass that method. Nothing in cryptography is foolproof, except maybe the old ‘one-time pad’ or its modern quantum equivalents (and even those have circumstantial flaws). If your bank accepts an Apple certificate saying you are who you say you are, at least according to its sensors, it’s that much more tempting for someone to try to forge that certificate. Authentication with two or more factors is still the right answer here, yet it is consistently the more painful one.
On the other hand, the value prop for the fingerprint sensor will likely win out with Apple’s customers. “You mean I never need to remember my password again? I just need to touch my phone for access to twitbooklinkpin+? Sold!” [this is probably Apple's main motivation -- becoming the trusted gateway to your data...]
The core question ultimately is not whether the fingerprint method is truly safe or not. It’s kind of like worrying about driving on the new Bay Bridge span, given its too-fragile steel rods. The right question is whether this fingerprint method is safer than the present method for the vast majority of its users.
Since your mom is using the name of her beloved cat as the password on her main banking site, and since she has probably already clicked that phishing link on Facebook to give said fluffy56 to some Eastern European scammer, I’d say it probably is.