When your password leaks:
→ Change your password
→ Problem solved

When your biometric data leaks:
→ You can't change your face
→ You can't change your fingerprints
→ The compromise is permanent
→ Your biometric data is in breach databases forever

This is why facial recognition for age verification is dangerous.

#Biometrics #Privacy #Discord

@capitainesam Also maybe not use your fingerprint to unlock your phone if you're not 100% sure it stays on the device (even if the device is stolen etc.).

@jfml @capitainesam I would hope that your phone takes a "fingerprint" of your fingerprint, i.e. enough to verify but not reconstruct.

@ill_logic @jfml @capitainesam every proper implementation hashes the fingerprint, just like you don't store clear text passwords in the shadow file...

The question is, is this a proper implementation on phones...

@celeste_42bit @ill_logic @capitainesam But does this (hashing of the fingerprint) help with the problem that if it gets leaked I can basically never use it again? Using your fingerprint is like having a password you can't change. Does the hashing change anything about this?

@jfml @celeste_42bit @capitainesam If I somehow get your fingerprint, I can figure out the hash. But if I steal the hash I *can't figure out your fingerprint. Hashes are cool like that. So in principle you should still be able to use it.

* Now the caveat is that it has to be done right. And perhaps someone can find a way to break these systems over time. This has happened with password database systems. Also I don't know anything about biometrics in particular, just the principles at play here.

@jfml @celeste_42bit @capitainesam (BTW I don't use biometric logins)

@ill_logic @celeste_42bit @capitainesam Ah, ok, thanks for the explanation, that makes sense.