...
But wouldn't the TouchID be creating a secure password that only the user knows (by hashing the fingerprint data)?
I am thinking Apple recommends the 6 digit only because they know most users can't remember a long secure password. That is why Apple created TouchID.
Thus I am sorry, but I think you are incorrect on this issue.
I do think Apple uses a separate password to control which s/w you can install, which I detest, but that is an orthogonal issue.
TouchID. has already been long since being cracked.
https://www.ccc.de/en/updates/2013/ccc-breaks-apple-touchid I mean seriously someone's phone is not going to have their fingerprints on it? Giving people a false sense of security in order to sell security theater is detestable.
But that is because the user didn't wipe their fingerprint off the phone. That doesn't prove that TouchID has an insecure DRM.
Precisely what sort of access would you recommend for a mobile device? Uses will not memorize a secure password.
A separate key they carry on their keychain?
P.S. this is important to me because my former colleague and boss if a top researcher at Apple. And I have his ear. So I don't want to present an argument to him that is flawed.
TouchID is, at present, a convenience feature that allows fast unlocking functions instead of typing in a passcode. It is never required and the passcode is always required. Thus it can't possibly add any additional security beyond what the passphrase already provides.
What they have planned for the future I have no idea.