Your fingerprint has expired. Please choose a new fingerprint to continue. Your new fingerprint cannot be the same as any of the 10 previous fingerprints you have used.

Biometrics is an id, not a password.

Passwords and hardware devices also have an important safety feature that biometrics lack.

When you are cornered by a large dude with a machete asking about your password, you can hand them over and save yourself.

When he tells you to hand over your finger - or even worse, eye - you don't have a lot of options.

This is usually the place where some nerd with no sense of reality bursts in to say that good fingerprint readers can detect a pulse and will refuse to scan a cut off finger. The question then is, is he really going to believe that after cutting off one of your fingers, or is he going to think that you told him the wrong finger and start cutting off fingers until he has one that works, or you run out of fingers?

@leeloo in fact it's trivial to copy fingerprints!

  • And unlike passwords there's a very finite number of possibilities, even if we also take into account toeprints...
@kkarhan
That was my first point.

@leeloo sorry, didn't see that...

My fault...

Chaosfem

@leeloo

I tend to get a lot of side-eye at work when I bring up this very point.

@leeloo
It depends how much you value the integrity of your computer and/or the confidentiality of your data vs your fingers and/or eyes.

I imagine there are high-stakes situations where it's not as clear cut as you are making out.

@light
Sure, for example the guy guarding the vault under the Pentagon, you don't want him to hand over the combination to some guy with a machete.

But then he gets a gun that makes a machete a moot point.

@leeloo If something is sufficiently high value to me I might defend it with my life.
@leeloo I'm sorry, what? Did that actually happen?

@esoteric_programmer
No, but it should.

Just as you should change your password if it becomes public knowledge, if you use biometrics as a password (rather than just an id), you should change your fingerprint every time you leave it on the refrigerator.

@leeloo lol! Is it even possible to do that?
@esoteric_programmer
The first nine times you open the refrigerator, sure. After that, you can extend it if you are willing to take your shoes off every time.
@leeloo lol! But we all know, real ninjas use gloves programmed to emit a different fingerprint each time they're put on.
@leeloo Mine don't meet the minimum entropy requirement.

@gnate @leeloo

Some people don't have fingerprints. By genetics, or wear (like working with acids).

And fingerprints can be "stolen" (i.e. the patterns copied and simulated). It's been done.

@JeffGrigg I like to joke, but as I age, it does become less and less likely that my fingerprint will be read successfully. The reader for the time clock at work was the worst (which did include working with acids, as it happens...)
@leeloo indeed. But this id can be used to activate a password manager.

@photodouze
Depends on what you mean by activate.

Also, are you giving your passwords away to some cloud password manager? My password manager does not require any id.

@leeloo I use Apple's.

@photodouze
So you're making both mistakes?

Using a fingerprint as a password rather than an id AND giving your passwords away to some cloud service just waiting for them to get leaked.

@leeloo Time to use toeprints!

@leeloo This is catchy on paper, but:
- Few people are targeted by actors willing to spend the resources to get a 3D face scan
- The one system I know (iOS) asks you to have a password as backup. It’s explicitly weakening security for convenience (see 1). So you can give your password, instead of your eye, if you prefer
- A corollary to the reasoning you describe: if you EVER use your password in public, you MUST change it immediately. Woof!

IMO your reasoning is sound, but applies to few peeps

@Cykelero
If your phone can do a 3D face scan to unlock, the resources required to get a good enough 3D face scan are a phone like yours.

Your second point is good. Few systems do that. But do you remember the password when you meet the dude with the machete?

As for your third point, do you mean on a computer that may have a keylogger? If so, you are absolutely right. In that case you should use a one time password if you really need to.

@leeloo @Cykelero also #FaceID can, has and will be used by force against the user.

  • IOW: What prevents an attacker from grabbing a victim by the neck and holding the phone up to their face?

At least with #Passwords & #PINs there are some systems that have the option of a "Duress Code" in which they'll wipe the device and its keys.

@leeloo You need more than scan a face, you also need to retrieve the data (it's intentionally extremely hard on iPhone) + print a convincing face replica. Both need quite specialized hardware—not just a phone!

I think you can forget your password even if bio auth is disabled; machete man will not be pleased either way.

And I meant in general, unlocking your phone in public: people/security cameras might see your screen. You'd need to crouch under a table for every unlock. Few people do that!

@Cykelero
You just need to inject the bits somewhere between the camera sensor and the facial recognition software.

Forgetting a password you used once is much easier than forgetting one you use every day.

@leeloo My understanding is that you do need hardware access in the end (e.g. the CPU physically can’t access the bio data decryption key, vastly upping the bar for a working extraction exploit). That’s stretching my knowledge, though; you really can’t just guess at how these systems are designed.

That infrequent password entry forgetfulness point rings true. (It's required once a week on iOS, but the result is the same.)

@leeloo Ultimately though, adding all that up, bio authentication does weaken security, but only a very slight amount, for most people.
Finding bio scan/storage iffy is a valid reason to avoid the tech. The added risk really isn’t: you cross the street; kiss other humans; bio auth won’t ruin your life either.

@Cykelero
Your face is not encrypted. Neither is a picture of your face.

If the signal from the camera to the cpu (or wherever the check is performed) is encrypted, you just need to inject the data before it gets encrypted.

@Cykelero

> The one system I know (iOS) asks you to have a password as backup. It’s explicitly weakening security for convenience (see 1). So you can give your password, instead of your eye, if you prefer

Usually that password is the real seed for the encryption (at least with Android) and the biometric is used as a quicker way *After first unlock*, so after the key exists in memory.

So biometrics will usually weaken your security here.

@leeloo

@_GreyWolf Totally!
(Only nuance: usually your password *unlocks* the actual decryption key. This way, you can change your password without the device needing to re-encrypt all your data. It's a very simple move but so clever!
Also interesting, these days decryption keys are partially based on fixed keys written in ROM, unique to a given device, meaning you can't easily pop off the storage and decrypt it using another device, e.g. to bypass password attempt limits.)
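The "password unlocks the key" and "device-unique root key" design Cykelero describes above, as an added example that is not from any participant in the thread: a data-encryption key (DEK) is wrapped under a key-encryption key derived from the passcode plus an assumed per-device secret, so changing the passcode only re-wraps the DEK and a wrapped DEK from one device fails to unwrap on another. The iteration count, salt and device root here are constructed placeholders, not any vendor's real values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// deriveKEK stretches the password (PBKDF2-HMAC-SHA256, RFC 8018, first block only) and binds it to
// deviceRoot, a stand-in for a per-device hardware secret (assumed here). The result keys AES-256-GCM.
func deriveKEK(password, salt, deviceRoot []byte) cipher.AEAD {
	prf := func(in []byte) []byte { m := hmac.New(sha256.New, password); m.Write(in); return m.Sum(nil) }
	u := prf(append(append([]byte{}, salt...), 0, 0, 0, 1)) // block index 1, big-endian
	out := append([]byte(nil), u...)
	for i := 1; i < 20000; i++ { // constructed iteration count, kept low so the example runs quickly
		u = prf(u)
		for j := range out { out[j] ^= u[j] }
	}
	m := hmac.New(sha256.New, deviceRoot)
	m.Write(out)
	block, _ := aes.NewCipher(m.Sum(nil)) // 32-byte key: NewCipher and NewGCM cannot fail here
	g, _ := cipher.NewGCM(block)
	return g
}

// wrapDEK encrypts the data-encryption key under the KEK; the random GCM nonce is prepended.
func wrapDEK(dek, password, salt, deviceRoot []byte) []byte {
	g := deriveKEK(password, salt, deviceRoot)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce) // crypto/rand; error check omitted only to keep the example short
	return g.Seal(nonce, nonce, dek, nil)
}

// unwrapDEK fails (GCM tag mismatch) on a wrong password or on a different device.
func unwrapDEK(blob, password, salt, deviceRoot []byte) ([]byte, error) {
	g := deriveKEK(password, salt, deviceRoot)
	if len(blob) < g.NonceSize() { return nil, errors.New("wrapped key too short") }
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], nil)
}

// rotatePassword re-wraps the same DEK under a new password; data encrypted with the DEK is untouched.
func rotatePassword(blob, oldPw, newPw, salt, deviceRoot []byte) ([]byte, error) {
	dek, err := unwrapDEK(blob, oldPw, salt, deviceRoot)
	if err != nil { return nil, err }
	return wrapDEK(dek, newPw, salt, deviceRoot), nil
}
```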