
Something that I think people underestimate is just how easy it is to observe you entering your password on a phone, and why that (in my opinion) makes thumbprints much more secure than passwords for casual usage - e.g. every time you unlock your phone.

All you need is a camera over your shoulder and you don't even need to observe the key-presses as generally the current character is displayed on screen. You could likely observe 100s or 1000s of them a day with an overhead camera at transit stations and the like.

The same thing goes for "Tap And Go" contactless payments not requiring a PIN number under $100. Everyone goes on about how people can run up a few hundred dollars at different stores with your card if they steal it. But consider exposing your PIN to surveillance during most common transactions, which then also lets you remove cash from an ATM with that card if stolen, which is much harder to recover and is also much higher value than the generally $30-$100 limit for transactions without a PIN.

Next minute you'll freak out when I tell you I can clone your house key from a photo of it hanging off your belt...

The general point is that security trade-offs are generally deeper than you might realise on the surface, especially at "public outrage" levels of observation which so frequently haunt the public mind in recent times.

I'm not sold on this Face ID business yet though.. will see how it is presented tomorrow.


