Touch ID and “Require Passcode: Immediately”
For people used to the iOS passcode lock, the fingerprint scanner on the iPhone 5S, which Apple calls Touch ID, comes with a significant drawback: with Touch ID enabled, it’s no longer possible to set the amount of time since the screen last turned off before the passcode — or, now, Touch ID — is required to unlock the device.
Going back to the very first iPhone, the “Require Passcode” setting has offered various options — “After 1 minute”, “After 5 minutes”, etc. — to control the passcode timeout, and nearly everyone I know who uses a passcode chooses a timeout of at least five minutes. I’ve generally set it to five minutes myself, which I feel provides a good balance between security and convenience: long enough so that I don’t have to reenter my passcode if I put my phone in my pocket for a minute while texting with someone or navigating somewhere, but short enough that, if I left my phone somewhere by accident, the passcode would likely be required before someone discovered it. Now, with Touch ID, “Immediately” is the only option. Waking the phone — every time — requires either scanning a fingerprint or swiping across the lock screen and entering a passcode manually.
Requiring authentication immediately is problematic for a number of reasons.
First, it greatly increases the number of times per day that Touch ID has to work. When functioning properly,[1] Touch ID is remarkably accurate and a delight to use. Yet it still occasionally fails to read my thumb on the first one or two tries, and it’s stymied by moisture or dirt. If I were only authenticating as often as I used to enter my passcode, it would easily be a net win — after all, I didn’t always get my passcode right on the first try either. When I have to authenticate on every unlock, though, anything short of 100% accuracy for the scanner quickly becomes tedious.
Even when it’s working well, using Touch ID isn’t always the quickest or most convenient option. In iOS 7, it’s now possible to slide to unlock anywhere on the lock screen instead of just across the bottom — a great Fitts’s Law win. Among other things, this makes one-handed use much easier and more physically secure, since you can lock the phone with your index finger, wake it up the same way, and then slide your thumb across the top of the screen, without the finger acrobatics that were previously required to reach the bottom of the screen. Unfortunately, with Touch ID enabled, sliding to unlock is now never sufficient on its own, meaning that you have to either enter the passcode or adjust your grip to reach all the way to the home button each time. If you’re waking your phone repeatedly — say, to check your position on a map, or to return to something you’re reading — this gets annoying quickly.[2]
Requiring the passcode immediately also impairs basic iOS functionality: the ability to swipe across lock screen alerts in order to trigger actions. If you text someone via Messages, switch to Safari, lock the phone, and then receive a reply a few seconds later, unlocking via Touch ID will take you to Safari, not Messages. The same problem applies to any alert from an app that wasn’t the one you most recently used. The workaround is to slide across the lock screen alert to get to the passcode screen and then authenticate with Touch ID, but that’s an annoying extra step for people used to a passcode timeout, an unfortunate regression in usability for an action that people have done many times daily for years.
Finally, with Touch ID enabled, the passcode still remains an option: simply slide to unlock as before and enter the passcode. This is an important alternative when a registered finger isn’t clean/dry/free, and even before Touch ID I would occasionally find myself needing to use a lesser finger or knuckle to unlock the phone. Removing the timed options means that, when Touch ID is enabled, simply using the phone in exactly the same way as before is now significantly more onerous.
So if there are so many disadvantages to requiring the passcode immediately, why is it now the only option?
At first glance this might appear to simply be a bug,[3] but a perusal of Apple’s Touch ID documentation suggests otherwise:
Using Touch ID sets your Require Passcode setting to Immediately. You still have the option of entering your passcode simply by sliding to unlock.
While this doesn’t explicitly state that the other Require Passcode options are no longer available with Touch ID enabled, it strongly suggests it. Otherwise, why change the setting the user had assigned?
An alternative and more likely explanation is that the new restriction amounts to an opinionated view of how Touch ID should be used. Apple’s recommended technique for using Touch ID is to press and release the home button with a registered finger and leave it there until the phone unlocks. It seems plausible that, in Apple’s view, the new, correct way to start using an iPhone (except when simply interacting with Notification Center or Control Center) is always just to wake and unlock it in that manner.
Fortunately for those frustrated by this change, Apple has relented before on opinionated decisions that proved to be overly restrictive and/or optimistic. (See: apps.) Unfortunately, the fix isn’t as straightforward as simply restoring the missing timed options. Touch ID, as currently implemented, is a function of the passcode lock. If the passcode didn’t take effect for several minutes, it wouldn’t be possible to unlock the phone using Touch ID during that time. A solution in which Touch ID is only conditionally, unpredictably available is obviously a nonstarter.
The Fix
So what’s the solution, then? The Require Passcode setting should be separated from Touch ID. The previous timed options should be restored, but, true to the setting’s name, the timer should determine solely whether the passcode keypad appears or whether the phone unlocks immediately when the user slides to unlock. Touch ID, meanwhile, should remain operative on the lock screen at all times, even when sliding to unlock would be sufficient. This would allow people to continue to use the Apple-recommended unlock technique whenever they liked, but, when they knew they were within the passcode timeout period, to hastily wake the phone via either button and swipe across the screen — or, in the case of a lock screen alert, to swipe across the alert to trigger the associated action.
This isn’t a perfect solution. First, it would allow for the awkward — if harmless — situation of having Touch ID reject a fingerprint even when authentication wasn’t actually required. (The alternative, having it accept anything that seemed like a finger as long as the passcode timeout hadn’t expired, is probably too likely to produce accidental unlocks.) But if Touch ID is enforced before the passcode timeout, should three failed attempts still bring up the passcode entry screen, as happens now, even though simply swiping would have bypassed it? Should five failed attempts force passcode entry until the next unlock, again as happens now, even though the passcode itself wouldn’t yet have been required? The answer to both is probably yes, if only to avoid providing an unlimited, detection-free testing mode for CCC-style Touch ID hacks for anyone in temporary possession of a pre-timeout device.
Allowing a passcode timeout with Touch ID would also introduce a degree of unpredictability into the unlock process, resulting in some unlocks that took longer than necessary because the user misjudged the timeout, tried to press-and-swipe, and ended up on the passcode entry screen, rather than simply using Touch ID from the outset. But since Touch ID can be used on the passcode entry screen as well, the penalty for misjudgments would be minimal. Furthermore, with “Require Passcode: Immediately”, swipes across lock screen alerts already always trigger the passcode entry screen, so in those cases an unexpected timeout would simply result in the current behavior.
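The proposed policy can be written down as a small state model. This is an added example, not code from the original post and not Apple's implementation; the class, method and outcome names are hypothetical. It assumes that a slide inside the timeout, being unauthenticated, does not reset the failed-scan count, so that scans cannot be retried without limit on a pre-timeout device.

```python
from dataclasses import dataclass

@dataclass
class LockScreen:
    timeout_s: float          # "Require Passcode" timer; 0 means "Immediately"
    locked_at: float = 0.0    # when the screen last turned off
    failures: int = 0         # Touch ID misses since the last authenticated unlock
    unlocked: bool = False

    def lock(self, now):
        self.locked_at, self.unlocked = now, False
        return "locked"

    def _unlock(self, authenticated):
        self.unlocked = True
        if authenticated:     # assumption: an unauthenticated slide keeps the count
            self.failures = 0
        return "unlocked"

    def slide(self, now):
        """Slide to unlock, or swipe across a lock screen alert."""
        within_timeout = now - self.locked_at < self.timeout_s
        if within_timeout and self.failures < 5:
            return self._unlock(authenticated=False)
        return "passcode_screen"

    def touch(self, matches):
        """Finger on the sensor; enforced even before the timeout expires."""
        if self.failures >= 5:
            return "passcode_only"      # Touch ID off until the next unlock
        if matches:
            return self._unlock(authenticated=True)
        self.failures += 1
        if self.failures >= 5:
            return "passcode_only"
        return "passcode_screen" if self.failures >= 3 else "retry"

    def passcode(self, correct):
        return self._unlock(authenticated=True) if correct else "passcode_screen"


def replay(events, timeout_s=300):
    """Run constructed (time, action, arg) events; return each outcome."""
    phone, out = LockScreen(timeout_s), []
    for now, action, arg in events:
        arg = now if action in ("lock", "slide") else arg
        out.append(getattr(phone, action)(arg))
    return out
```

Setting timeout_s to 0 reproduces the current “Immediately” behavior, where every slide lands on the passcode entry screen.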
Even if the timed options were restored, most people would continue to unlock their devices with Touch ID at all times, as Apple surely prefers. But for people who lock and unlock their devices constantly and still want to keep their data secure, the Require Passcode setting has always been a crucial time-saving feature, and it would remain so in conjunction with Touch ID. Touch ID is impressive technology, but it would be a shame if the only way to match the usability of the last six years of iOS was to turn it off.
[1] For the first week that I had the phone, Touch ID failed constantly with one of my thumbs, requiring one or two tries every time. Knowing that early reviews had touted the system’s near-perfect accuracy, I tried various things to improve its performance: giving it time to learn more of my thumbprint, deleting and retraining, even adding different parts of my thumb as separate fingers to try to increase the coverage. No luck. I had pretty much concluded that either the scanner or my thumb was defective. Finally, nearly ready to disable Touch ID for the passcode altogether, I wiped off the sensor and retrained my thumb once more, and since then, it’s worked nearly every time. It seems possible to configure a finger with an inaccurate profile that the phone can’t learn its way out of. ↩
[2] Also annoying? The glacial fade-in effect when waking the screen in iOS 7. It’s actually hard to compare the speed of Touch ID to the speed of pressing a button and sliding to unlock, since Touch ID begins processing immediately, whereas the screen doesn’t seem to register swipes until the effect completes. With the fade-in effect, Apple is essentially cheating a bit to make Touch ID seem faster, but it’s doing so at the expense of traditional unlocks. ↩
[3] One theory I’ve seen is that the presence of the “Shorter times are more secure” message in the pane suggests that the other options were intended to be available. However, Exchange servers have always been able to restrict iOS passcode-lock policies, including limiting the available options to “Immediately”, and the same message has remained even in that case. There is a bug here, but it’s simply that the message appears even when “Immediately” is the only available option. ↩