
Banking app logon – multiple fingerprints on a device vs 2 passwords known by 1 person

Çağlar Arlı


Yesterday I logged on to my banking app via my iPhone. The normal procedure was to enter information that consisted of:

  1. The answer to a security question. This had to be entered in full and was the same during each login.
  2. Three characters from an additional string. The specific characters asked for were different for each login.

A message appeared which said that they were "upgrading" this to be more secure. It involved setting up a security answer (a string which was different to [1]). However, after using this it simply said that touch (fingerprint) ID could be used instead of using any of this information.

In theory this sounded ok, but it then said that it would work for anyone who had fingerprint access to the device. The device in question is an iPhone SE. Given that it's possible for multiple fingerprints to work on an iPhone, I was wondering how secure this actually is?

I have a couple of thoughts on this:

  1. If I have to enter the details as in [1] and [2] then only I know them (unless they are leaked). So in theory only one person knows these details (me).

versus:

  1. If someone else has fingerprint access on the device I use they can enter the app without any additional details.

My thoughts were what if this was a shared device (e.g. family iPad/phone)? This is possible - and quite often the case - for example:

Or, maybe you share an iPad with your significant other, and they want to use Touch ID too. There’s any number of valid scenarios where you’d want to use a different finger with your Touch ID sensor. Luckily, Apple anticipated this because iOS allows you to add as many fingerprints to your device as you want

(Source: https://www.howtogeek.com/205525/how-to-add-touch-id-fingerprints-to-iphone-or-ipad/)

In the previous method it relied on someone entering details only they knew, versus a method multiple people may be able to perform.

I won't name the bank in case this is some serious issue.

Please can someone provide details about whether this is genuinely a step in the right direction in terms of security and whether there are advantages/disadvantages over the previous method?
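To make the two login methods in the question concrete, the following is an added example (not code from the original post or from any bank): a small model of the knowledge-based path described in [1] and [2], where the server stores the full memorable string, asks for three characters at positions that change each login, and must compare in constant time. It also records what an observer who watches several logins has learned, which is the property that distinguishes a partial-character challenge from a full secret. The security answer, the memorable string and the observed logins are all constructed values, and the function names are my own.

```python
from __future__ import annotations

import hmac
import random
import secrets

# Constructed stand-ins for the two secrets described in the question (assumed values).
SECURITY_ANSWER = "first school"   # [1]: entered in full, identical every login
MEMORABLE = "sunflower2024"        # [2]: three positions of this are asked per login
POSITIONS_PER_LOGIN = 3


def make_challenge(secret: str, k: int = POSITIONS_PER_LOGIN, rng=None) -> list[int]:
    """Pick k distinct 1-based positions of `secret`; a fresh set for every login.

    A CSPRNG is used by default so an attacker cannot predict which
    positions will be asked next; `rng` is only overridable for simulation.
    """
    rng = rng or secrets.SystemRandom()
    return sorted(rng.sample(range(1, len(secret) + 1), k))


def verify_partial(secret: str, positions: list[int], supplied: str) -> bool:
    """Check the characters the user typed for the challenged positions.

    The server can only do this because it holds the full string in a
    recoverable form; a one-way hash of the whole string would not allow
    checking three characters in isolation.
    """
    expected = "".join(secret[p - 1] for p in positions)
    return hmac.compare_digest(expected.encode(), supplied.encode())


def verify_login(answer_supplied: str, positions: list[int], partial_supplied: str) -> bool:
    """Full knowledge-based login: security answer [1] AND partial characters [2]."""
    ok_answer = hmac.compare_digest(SECURITY_ANSWER.encode(), answer_supplied.encode())
    ok_partial = verify_partial(MEMORABLE, positions, partial_supplied)
    # Both checks always run so that timing does not reveal which factor failed.
    return ok_answer and ok_partial


def positions_revealed(observed: list[tuple[list[int], str]]) -> dict[int, str]:
    """What someone who watched these (positions, typed characters) pairs now knows."""
    known: dict[int, str] = {}
    for positions, chars in observed:
        for p, c in zip(positions, chars):
            known[p] = c
    return known


def fraction_recovered_after(n_logins: int, seed: int) -> float:
    """Simulate an observer watching n legitimate logins; return the share of
    the memorable string they have recovered. Deterministic for a given seed."""
    rng = random.Random(seed)
    observed = []
    for _ in range(n_logins):
        positions = make_challenge(MEMORABLE, rng=rng)
        typed = "".join(MEMORABLE[p - 1] for p in positions)  # the legitimate user answers
        observed.append((positions, typed))
    return len(positions_revealed(observed)) / len(MEMORABLE)


if __name__ == "__main__":
    challenge = make_challenge(MEMORABLE)
    print("server asks for positions:", challenge)
    answer = "".join(MEMORABLE[p - 1] for p in challenge)
    print("login ok:", verify_login("first school", challenge, answer))
    for n in (1, 5, 20):
        print(f"after watching {n} login(s), observer knows "
              f"{fraction_recovered_after(n, seed=7):.0%} of the string")
```

The simulation shows the trade-off the question is circling: the rotating-position scheme means a single shoulder-surfed login does not give away the whole string, but each observed login leaks three more positions, and the server must keep the string recoverable to check any subset of it. Touch ID on a shared device replaces this with a check that is local to the device and passes for any enrolled finger, which is what the question's point [1] versus point [2] contrasts.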