But wait! Apple says its fingerprint sensors will be activated only by the tips of the fingers/thumb, which is not quite the same pattern as those left on street lamps and steering wheels. Anyone who uses Apple’s Touch ID sensor (that’s the official name) will have to create a backup passcode on the phone that will be necessary any time the device has been rebooted or hasn’t been unlocked for two days. So maybe that resolves the security problem.

Maybe. But the only truly secure authentication, Meltser says, is a three-legged stool: something you are, something you carry, and something you know. So a fingerprint is something you are, and a password is something you know. But because both of those can be stolen, only the addition of that third thing—something you carry—can truly keep your Instagram safe.

Something you carry could be something like a “cryptographic RSA token,” a physical dongle that you carry around to authenticate things with, and of course there are very few people aside from corporate spies and very determined cheating spouses who would go to all those steps. But the takeaway is the takeaway: fingerprint sensors don’t make anything more secure. Unless you’re one of those people: “A lot of iPhone users aren’t using a passcode to lock their phone at all,” said the EFF’s Lynch.