Hitoshi Kokumai over at ProgrammableWeb has a rather silly article arguing that smartphone fingerprint sensors actually worsen security. Strictly speaking, the article is correct in one narrow sense: the government can compel you to provide a fingerprint, while it generally can't compel you to reveal a password. But, as always with security, what counts as "good" depends on your threat model.
If your threat model includes being arrested with incriminating data on your phone, then yes, you should turn off the fingerprint sensor and use a passcode considerably stronger than a 4-digit PIN. Most of us, of course, don't have that threat model. Ours is much more likely to be, "I want to protect the data on my phone if it is lost or stolen." Against a thief who has the handset but not your finger, the fingerprint scanner is arguably more secure than a 4-digit PIN, which can be shoulder-surfed or guessed from the handful of PINs people commonly choose.
Kokumai argues that what's really needed is two-factor authentication, where both the PIN and the fingerprint scan are required to unlock the phone. In practice that wouldn't increase security, because nobody would bother: the point of the scanner is convenience, and if using it becomes an additional burden on top of the PIN, no user will want it. It doesn't even help the drug dealer, who can already get the same protection by turning off the scanner and using the password alone; requiring both factors would only make unlocking the phone less convenient.
In the real world, it's at least arguable that fingerprint scanners make phones more secure, because people who wouldn't bother with a PIN may find the scanner convenient enough to use it instead of leaving the phone unprotected. If you're not a drug dealer or otherwise a specific target of law enforcement, there's no reason to fear the scanners; they make your life easier without any significant effect on your security. As exciting as all those James Bond scenarios seem, most of us do live in the real world.
UPDATE: Even