I'm glad someone is talking about this. If you set a passcode, iOS encrypts your data with a key derived, in part, from your passcode and a per-device salt; Apple claims that even with access to the device, a nine-digit passcode would take 2.5 years to brute force. [1]
A fingerprint is only useful for authentication, not key derivation, which makes it effectively useless in protecting your secrets from a determined attacker. As it stands today, my data is encrypted with a key that isn't stored on my device. Unless Apple has developed some kind of fingerprint-based key derivation algorithm, that can't be the case for the hapless user who replaces his passcode with a fingerprint scan.
I fear that the innovation announced today is going to make people and their data less safe, not more.
[1]: http://images.apple.com/iphone/business/docs/iOS_Security_Oc...