The controls over fingerprint and password security on the iPhone 5s.
iOS encourages you to enter a complex password, so it's harder for someone else to guess your password. (Many pundits falsely claimed the iPhone requires only four-digit PINs; that's the default option. Exchange ActiveSync policies or mobile device management servers can enforce the use of complex passwords.) The fingerprint reader enters your password if you hold an enrolled finger on the Home button when the iPhone 5s is locked or when making a purchase from an Apple store. If you've turned off the iPhone 5s, you must type in the password; the same goes if you haven't accessed the iPhone 5s for 48 hours or more.
The fingerprint hash is stored locally on the A7 chip itself and, so far, is available only to iOS itself to unlock the device and to the App Store, iBooks, and iTunes Store apps to authorize purchases (if you enabled that option). It is not synced to any server or backed up.
The fingerprint sensor works remarkably well, and you can have up to five authorized fingerprints, such as yours and your spouse's. As a result, there's less of a barrier to using a password on your iPhone and having it auto-lock when not in operation. That makes the device more secure.
I can't underscore enough how Touch ID makes it more convenient to have a stronger password on your iPhone. That's a win-win for everyone but thieves.
Speaking of security, there's also been a kerfuffle about flaws that allow users to access the iPhone from the lock screen without entering a password. This is an iOS 7 issue, not specific to the iPhone 5s. Apple corrected just such a flaw a week ago in an update. But it's true that iOS lets users access the Control Center, dial by voice, use Siri, use Passbook, reply to incoming calls via text message, and control music playback even when the iPhone is locked — except for the ones you disable. Businesses that use a mobile device management (MDM) server can enforce policies that prohibit any or all of these except music playback controls.
Also available to any iOS 7 device, not just the iPhone 5s, is the new device lock that prevents the iPhone or iPad from being reset, reimaged, or transferred to a new carrier or owner until the correct Apple ID is entered. This is enabled by default, rendering stolen and lost iOS devices useless to black-market sellers.
Plus, iOS 7 introduces enterprise-grade application management APIs and licensing management that no other mobile platform offers. There's no other commercial device that comes close to matching the iPhone 5s's level of security — save a BlackBerry — and none matches its security convenience or application manageability.
Sign up for CIO Asia eNewsletters.