Yahoo CEO Marissa Mayer confessed something this week that surprised some security experts: She doesn’t lock her iPhone.
“I was like ‘Look, I just can’t do this passcode thing, like, 15 times a day,’” Mayer said at the TechCrunch Disrupt conference in San Francisco.
She is hardly alone. Half of iPhone owners don’t bother to lock their devices with four-digit passwords, Apple revealed this week. But whether those people are impatient, negligent, or just apathetic, the company wants to help them. On Tuesday, Apple introduced a new iPhone that allows people to unlock the device with the touch of a finger.
The new fingerprint scanner, known as Touch ID, is more than just a cutting-edge new feature for the iPhone 5S. It’s also Apple’s attempt to solve a larger problem tech companies face as hacking becomes widespread and consumers demand easy-to-use apps and gadgets: How do you balance security and simplicity?
Apple co-founder Steve Jobs understood this tension well. He “hated” the iPhone swipe and pincode security feature because “it was in the way of the user experience," Sebastien Taveau, chief technology officer of Validity Sensors, told USA Today.
Even Steve Kirsch, who makes his living protecting consumers’ online identities, doesn't put a password on his iPhone. The inconvenience of typing it over and over, he said, outweighs the possibility that someone could steal his phone and access the data on it.
"I open my phone 30 times a day,” said Kirsch, the founder of OneID, which allows people to log into multiple websites without entering a password. “Why would I enter a four-digit code and subject myself to that agony? It's wasted time and effort."
The fact that half of iPhone owners don’t lock their devices may just be human nature. In 2008, for example, State Farm Insurance found that less than half of 1,000 people surveyed always locked their front doors -- a routine that occurs far less often than people checking their phones.
However, smartphone thefts are skyrocketing. In major cities, they make up about 40 percent of all robberies. And while a home burglar might steal your TV, a cybercriminal might use information on an unlocked smartphone to commit identity theft, according to Michael Kaiser, executive director of the National Cybersecurity Alliance, a nonprofit that promotes awareness about cybersecurity.
"A device like the iPhone contains a massive amount of data about you,” Kaiser said. “It has all your personal and business contacts, your emails, and if you're using a banking app, your financial resources."
So why don’t people use the security feature? Kaiser compared not locking an iPhone to other "risky behaviors" like smoking cigarettes or drinking and driving.
"People who think they don’t need a passcode on their iPhone don't understand the value proposition of taking an extra second or two to protect themselves,” he said. “The return on that time investment is tremendous."
While some consumers may not understand the risks, Graham Cluley, a security expert, said it was “alarming” that Yahoo's Mayer did not lock her phone given her role as the head of a company responsible for securing the online lives of millions of people.
“What kind of example is she setting by not having any form of login security on her smartphone?” Cluley wrote in a blog post, adding, “I wonder what other sensible security steps she doesn’t bother with?”
Yahoo is one of several tech companies, including Google, Twitter and Facebook, that have introduced two-factor authentication -- which requires people to log in, then enter a pincode sent to their phones -- as an added security feature.
However, those companies have made the feature optional, not mandatory. Kirsch said that's because they are worried about burdening users with extra security measures.
Now, some experts say new advancements in biometrics -- or verifying people’s identities from their fingertips, irises or heartbeats instead of passwords -- could change that equation and become a holy grail of sorts for cybersecurity.
"If all you have to do is tap your finger, that adds a huge level of security without the inconvenience,” Kaiser said.
Apple’s new fingerprint scanner was welcomed by Mayer, who said she looked forward to not typing in her pincode multiple times a day.
"When I saw the fingerprint thing I thought 'Now I don’t have to,'" she said. "So I was excited about that."
Apple’s new one-touch security feature is also likely to be embraced by several iPhone owners who were interviewed this week on the streets of New York City.
Romina Krosnyak, a 19-year-old New York University student, told HuffPost that she never locks her iPhone because it's too hard to remember the password.
"I kept changing it and I would forget," she said. "Plus it's faster to just swipe it."
Harold Scheeren, a 19-year-old New York University student, said he disabled his iPhone password so it was easier to change songs or respond to texts while he was driving.
"It was a hassle," he said, sitting on a bench in Washington Square Park.
Adi Cohen, a 37-year old account manager at AOL, which owns The Huffington Post, said he never locked his personal iPhone because he found it "annoying."
"I think people who have pincodes are hiding something,” he said.
Cohen said he was not concerned that a thief might steal his phone and gain access to his emails, phone records or other private information.
"As far as I know," he said, "the NSA is doing that already."