> Thieves actively exploit this by “shoulder surfing” a victim’s iPhone passcode before stealing the device

If someone is using biometrics how often are they really using their pin that this would at all be a valuable tactic? I very rarely actually need to enter my pin on my phone so this largely seems like a moot point?

Like yeah it is still technically possible but if we really get down to it, if someone were to learn the pin then passkey is equally worthless since they could also use my phone then to authenticate anything passkey. Fairly surprised that software based passkeys are just skipped here since I doubt most people are using hardware based passkeys, particularly on mobile devices.

I think there is a bigger (not just banking) discussion to be had about what can be done with your phone's pin. But with the convenience of biometrics, set an actually strong password for your phone instead of a 4 or 6 digit code.

I use a PIN to unlock because of legal rulings as you cannot be compelled to give your PIN (5th Amendment applies because it's "testimonial") but you can be compelled to use biometrics (5th does not apply).

Individual apps I use biometrics except on reboot if they support that.

FaceID only works like half the time on me. Really want the fingerprint unlock back. The thing is, to get into Chase, you need my long Chase password OR my Face ID. Can't just use my passcode.