Why does iOS require a passcode (not Touch ID or Face ID) after reboot? Is passcode more secure?
Best Answer
Short Answer
It has to do with how the security subsystem in iOS works.
Long Answer
The user's biometric data is securely stored in a mathematical form in special hardware called the Secure Enclave on the iOS device. This data is not readable and never leaves the device. The Touch ID/Face ID subsystem does not have access to it.
When the device is locked, the Data Protection keys which are held in Secure Enclave are wrapped with a key that's given to the Touch ID or Face ID subsystem inside the Secure Enclave. When an unlock is attempted, if the device detects a successful match, it provides the key for unwrapping the Data Protection keys, and the device is unlocked.
But, when the device restarts, the keys required for Touch ID or Face ID to unlock the device are lost; they're discarded by the Secure Enclave.
Hence the device passcode is required to authenticate the user.
To get a better sense of the iOS security design, you can refer to the iOS Security Guide, which is updated by Apple after major updates to iOS. The contents in the answer are derived from iOS Security Guide for iOS 12.3 released in May 2019.
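
The key lifecycle described in the answer above, as an added toy model that is not part of the original answer and is not Apple's code: `ToyEnclave`, the HMAC-based `wrap`/`unwrap` and the PBKDF2 passcode derivation are assumptions chosen so the sketch runs with the Python standard library. It shows why a biometric match alone cannot unlock after a reboot: the key it would release exists only in volatile state.

```python
import hashlib, hmac, secrets

def _mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def wrap(kek, key):
    """Toy key wrap (stand-in for a real AES key wrap): XOR pad plus integrity tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(key, _mac(kek, b"pad", nonce)))
    return nonce + ct + _mac(kek, b"tag", nonce + ct)

def unwrap(kek, blob):
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, _mac(kek, b"tag", nonce + ct)):
        raise PermissionError("wrong unwrapping key")
    return bytes(a ^ b for a, b in zip(ct, _mac(kek, b"pad", nonce)))

class ToyEnclave:
    def __init__(self, passcode):
        self._salt = secrets.token_bytes(16)  # persistent: survives reboot
        self._by_passcode = wrap(self._kdf(passcode), secrets.token_bytes(32))
        self._data_key = self._bio_key = self._by_biometric = None  # volatile

    def _kdf(self, passcode):  # assumption: PBKDF2 stands in for the real derivation
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self._salt, 10_000)

    def unlock_with_passcode(self, passcode):
        try:
            self._data_key = unwrap(self._kdf(passcode), self._by_passcode)
        except PermissionError:
            return False
        return True

    def lock(self):
        if self._data_key is not None:
            # Wrap the data key under a fresh key handed to the biometric subsystem.
            self._bio_key = secrets.token_bytes(32)
            self._by_biometric = wrap(self._bio_key, self._data_key)
            self._data_key = None

    def unlock_with_biometric(self, match):
        if not match or self._bio_key is None:
            return False  # no match, or the biometric key was discarded
        self._data_key = unwrap(self._bio_key, self._by_biometric)
        return True

    def reboot(self):
        # Volatile state is discarded; only the passcode-wrapped copy remains.
        self._data_key = self._bio_key = self._by_biometric = None
```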