...
But wouldn't the TouchID be creating a secure password that only the user knows (by hashing the fingerprint data)?
I am thinking Apple recommends the 6 digit only because they know most users can't remember a long secure password. That is why Apple created TouchID.
Thus I am sorry, but I think you are incorrect on this issue.
I do think Apple uses a separate password to control which s/w you can install, which I detest, but that is an orthogonal issue.
TouchID. has already been long since being cracked.
https://www.ccc.de/en/updates/2013/ccc-breaks-apple-touchid I mean seriously someone's phone is not going to have their fingerprints on it? Giving people a false sense of security in order to sell security theater is detestable.
Also, TouchID is only a secondary mechanism. When you power cycle an iOS device you always have to unlock it with he password first, only then can you use TouchID. Later, you can use the password instead (necessary if TouchID doesn't work, which apparently is not so uncommon).
Finally, I don't think the phone in question had TouchID