Ann Cavoukian, the Privacy Commissioner of Ontario, Canada, said that an Apple password breach might not be quite so catastrophic, provided that the company takes the right steps. "If Apple were to use biometric encryption, they would not be using the fingerprint itself as the password," she said, "Instead, they would store something meaningless as the password with the fingerprint as the key."
Cavoukian has had success in using biometric encryption in Ontario, particularly with video cameras armed with facial recognition that target gambling addicts and prevent them from trying to sneak into government-sponsored casinos. "I approved of this because the cameras used biometric encryption," she said. "Only the biometric record is retained on file, not the actual face."
If someone broke into an iPhone and stole the device's record of the fingerprint, it wouldn't affect the security of products and services outside of the iPhone. "They wouldn't get the actual fingerprint or ID, just some gibberish," said Cavoukian. Overall, she approves of the sensor. "I think it's a good idea, but the devil's in the details."