The big question on the minds of folks who work in places that use Mobile Device Management (MDM) systems since the release of the iPhone 5s last week has been, "Will I be able to use the fingerprint scanner on the iPhone instead of having to type in the long and complicated passcode required by my MDM every time the phone goes to sleep?"
The answer to that question is, "Yes. Yes, you will."
Apple's Touch ID fingerprint scanner is built into the underlying hardware of the iPhone 5s. Here's another way to say it, once the iPhone 5s knows your fingerprint, it enters your passcode for you. When the phone asks you to prove who you are the MDM can't tell whether you typed the code or whether you scanned a fingerprint.
When do I need to type the passcode?
Entering the device passcode is required under the following circumstance:
- After restarting the iPhone
- After the iPhone remains locked for 48 hours
- When accessing Passcode & Fingerprint settings
Type the passcode and then you're back in business.
How many fingerprints can one establish?
The iPhone 5s allows you to train up to 5 fingerprints. And, because the fingerprints reside on the phone, if you share an iCloud account among multiple devices, you can establish different sets of fingerprints on each device.
For my iPhone 5s, I have 3 of my own fingerprints trained — an index finger on each hand and a thumb on my left hand. I've reserved one for my wife and another for one of my sons. If they know the passcode, they don't need to scan a finger, but scanning is so much quicker and easier.
Consider strengthening your security
Now that entering the passcode requires a single touch instead of a complex sequence of taps, consider strengthening your security posture. (That's fancy talk for taking steps to make your phone harder to access without a fingerprint.)
There are a few things you can do to make the security a bit stronger:
Require the passcode immediately. A passcode lock delay of a few minutes was almost a necessity before the fingerprint scanner. Require it immediately. Why not? The fingerprint scanner is reliable enough that you will only rarely have to enter it with old fashioned typing.
[Settings > General > Passcode & Fingerprint > Require Passcode > Immediately]
Set a long, complex passcode. Now that typing codes in virtually a thing of the past, lengthen the complex code to ten, twelve, or even more characters. Keep it memorable; in the event you need to type it, but keep it long to foil ne'er-do-wells.
[Settings > General > Passcode & Fingerprint > Change Passcode]
Disable Siri on the lock screen. Siri can adjust phone settings and is available on the lock screen by default. Until Siri can recognize your voice, there's a risk in allowing anyone unfettered voice access; also think about adjusting settings for Voice Dial, and Passbook while you are there.
[Settings > General > Passcode & Fingerprint > Allow Access When Locked > Siri]
Disable Control Center on the lock screen. The control center is meant to give quick access to useful settings. However, there's a security flaw that allows hackers to bypass the iPhone 5s lock screen and grants access to some data on the phone. Apple is working on a patch.
[Settings > Control Center > Access on Lock Screen]
How can I learn more about the fingerprint scanner?
There's a great article over at imore.com that explains "Everything you need to know about the new iPhone 5s fingerprint identity sensor, Touch ID, that makes secure unlock and iTunes purchases more convenient than ever!"
Apple also has a brief video that explains the basics of fingerprint scanning.
Check them out when you have some time.