alt Hacker News> I don’t even use biometrics on apple devices
Assuming Apple is truthful on this matter (so far it seems so), Apple devices store a mathematical representation of the data, not the data itself (i.e. not a picture of your finger) and keep it only on device on a special hardware section designed for extra security. When apps ask for authentication, they can never inspect the data, they can only ask “does this match?”.
Even if you were somehow able to exfiltrate the data and find some way to transform it for something nefarious, you’d still need to first attack and bypass a specific hardware feature of the target’s device.
So sure, not having any representation of the data anywhere is technically more secure (maybe, as typing your code could be intercepted by a shoulder surfer or a camera), but biometrics on Apple devices are fundamentally not the same as having your raw data available on a random server somewhere.
Replies
Also, given how many times you enter a 6-digit number over a day, it's absolutely trivial to steal it. Let alone basic patterns people use, smudges etc.
In the use case of a mobile phone, apple's face id absolutely improves security several-fold.
I broadly trust apples stance on all of that.
I can however revoke a 6 digit pin at any time, my fingerprints and/or face not so much.
So entirely for me, the balance is use a pin, I understand that different people feel differently and that is entirely their choice as it should be.