Fingerprints are user names, not passwords.

@polychrome Disagree. They’re about the same as a numeric passcode. Less secure against a targeted attack by experts, but much less susceptible to casual attempts to guess a memorable number, use a cracked password from elsewhere, or find a written note.

@lanodan UUID really, since it's a random number within a large range that's supposedly unique (except in real life many collisions occur)

They're not even *unique* usernames.

"Sorry, this fingerprint is already taken. Please choose a different one."

@polychrome @theruran All security schemes depend on your threat model. If a device is usually in your possession, rarely left unattended in insecure spaces, and the device locks out fingerprint auth under the right conditions (too many failed attempts, time since last auth, sitting on a desk for some period of time), fingerprints are reasonably secure against casual snooping. They're also a somewhat better presence indicator than simply tapping on a bit of metal like with the Yubikey Nano.

@polychrome @UnclearFuture this and since they're ultimately just read as numbers by systems, the only thing they change from traditional passwords even if encrypted is the ease of inputting them. Which, oh wait breaking news! The US government can force the use of your physical body to open your biometrically "secured" data! Your finger is not considered a secret key to them and therefore not subject to protection against unlawful search or self-incrimination!

Go change your phones to a different security system right now everyone please.

@alice @UnclearFuture also like I stated in a previous post, if you're a tourist they already have your fingerprints on file. So, there's that.

