Your Fingerprint is Not a Password
I like my new iPhone. The fingerprint authentication is cool, but it’s important to realize that it’s only a toy.
Although fingerprint authentication gets a huge amount of positive press coverage, it is a horrible form of security at its most basic level. Put aside for a moment the crazy stories of gangs cutting off people’s fingers in order to fool fingerprint scanners; the flaw is much simpler and less dramatic.
Within days of the release of the new iPhone, it was cracked so that it could be unlocked using a copy of someone’s fingerprint. Naturally, biometric advocates claim that the current security flaw will be fixed with better scanning hardware or improved recognition software, but this misses the core issue.
Fingerprints will always be a horrible form of security. The fundamental problem is that we leave our fingerprints everywhere. We can’t keep them secret and we can’t change them if they fall into the wrong hands.