Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security

Unhashable: Why Fingerprints Are Weaker Security Than Passwords (hackaday.com) 242

szczys writes: Fingerprints aren't terribly secure; you leave them on almost everything you touch. Many people won't realize that fingerprints can be captured and reproduced from casual photographs. It's actually worse than that. The very method with which fingerprints are stored is much weaker than passwords. Fingerprints cannot be hashed. By their very nature, each read of your fingerprint will be a little different, which breaks the hashing method. They can only be stored using encryption, which requires the same master password each time a new print read is compared to the stored key — a much weaker method than salted hashes. This more easily opens fingerprint credentials up to theft and brute forcing.
This discussion has been archived. No new comments can be posted.

Unhashable: Why Fingerprints Are Weaker Security Than Passwords

Comments Filter:
  • Bad practice. (Score:5, Insightful)

    by Aethedor ( 973725 ) on Tuesday November 10, 2015 @05:57PM (#50904979)

    Using a fingerprint for authentication is like using one unchangable password for every system. Bad practice!

    • Re:Bad practice. (Score:5, Insightful)

      by jafiwam ( 310805 ) on Tuesday November 10, 2015 @06:00PM (#50904995) Homepage Journal

      Using a fingerprint for authentication is like using one unchangable password for every system. Bad practice!

      Not to mention fingerprint authentication or encryption is not Fifth Amendment protected.

    • Except finger prints are good agains blanket attacks. They will suck at a targeted attack. Such as someone who really wants to get onto my device. However most problems in security including bad passwords is the ability for someone to remotely hack into your system who doesn't know or care who you are.

      So yes someone who is tracking me down can break in and steal my fingerprint. But that is very personal. Especially as such devices that read finger prints are mobile and are more often then not on my perso

      • Unless you wear gloves when you touch your mobile device, they generally steal your finger prints along with the device.
        • by rsborg ( 111459 )

          Unless you wear gloves when you touch your mobile device, they generally steal your finger prints along with the device.

          Is this the case? I mean, every time I put my phone in my pocket, it cleans off my screen including the fingerprint sensor. I do that explicitly too, at least once a day too.

          The CCC hack on TouchID was using a high-DPI scanner and a perfect print. Good luck getting my finger prints off my oleophobic screen that touches cloth constantly.

          • Re:Bad practice. (Score:4, Insightful)

            by Mashiki ( 184564 ) <mashiki@gmail.cBALDWINom minus author> on Tuesday November 10, 2015 @08:23PM (#50905911) Homepage

            Is this the case? I mean, every time I put my phone in my pocket, it cleans off my screen including the fingerprint sensor. I do that explicitly too, at least once a day too.

            Sure, since you probably forget to clean the underside of the back panel and battery as well. Your fingerprints are likely on there somewhere, and if someone really wants your print and device and you are careful they'll likely follow you and wait for you to leave something behind that'll give a great print. Like a piece of paper, glass, can, other portable hard surface or even go digging through your trash for it.

            Fingerprints are a shit security measure.

          • However, if someone renders you unconscious, they can take your hand and unlock your phone - and you'll have no idea whether you were robbed in the normal sense, or robbed and forced to unlock your device (which might have your saved banking and credit card passwords).

            Of course, the real solution is to decide who/what you need to protect against and plan for that. If you are worried about someone in your family that could take advantage of you when you are exhausted, sick or inebriated - then a password is

      • Yep. And really, once you have someone or some organization focused on just you as one person you are pretty much F'ed with pedestrian level security. Various leaks have shown that most everything has been cracked and is only a few GUI clicks away from law enforcement via Hacking Team software (or other less known software).

        My guess is that even today it is harder for the big guys to crack fingerprints than employ pre-canned software to defeat just about anything.

    • Re:Bad practice. (Score:5, Insightful)

      by swillden ( 191260 ) <shawn-ds@willden.org> on Tuesday November 10, 2015 @06:42PM (#50905303) Journal

      Using a fingerprint for authentication is like using one unchangable password for every system. Bad practice!

      Complete nonsense.

      You're equating fingerprints with passwords. They're not passwords. Password security derives from the secrecy of the password. Anyone who knows the password can enter it, but we presume attackers can't enter it because they don't know it. Fingerprint security derives from the difficulty of presenting the known value to the sensor. Everyone knows your fingerprint (you leave them everywhere!), but we presume attackers can't enter it because they only have a picture of it, not a finger with it.

      In practice, making fake fingers is not terribly hard. But shoulder-surfing PINs is even easier. Which is more secure? That depends on who you're trying to protect your data from. The FBI absolutely will make fake fingers and unlock your phone, but they may not have an opportunity to shoulder surf a PIN. Advantage: PIN. Your suspicious girlfriend probably won't make fake fingers, but has ample opportunity to shoulder surf you. Advantage: fingerprint.

      Which is better for you? You decide.

      In practice for most people the choice isn't between fingerprint or password, it's between fingerprint or nothing, because a password is just too inconvenient. Advantage: Fingerprint, by a very, very large margin.

      • I'd argue that a fingerprint is better specifically for phones, but falls flat in most other applications. iPhones have a touchID chip paired to the CPU, so they're extremely difficult to crack even if you have physical access. A well-done fingerprint system like touchID is great for the security of a local device. But it doesn't work well for anything remote, since a fingerprint can't be hashed which has numerous implications. It also can't be used directly as an encryption key.

        Also, it's one thing to pee

        • I agree, but would point out that using a fingerprint to unlock a strong key on a phone, then using that to authenticate to a remote server is quite strong.

        • by KGIII ( 973947 )

          I've only been dating my girlfriend for like a month (I'm sure she knows the exact date). She already knows my phone pin. I don't mind. I told her. I wanted her to do something for me while I was driving.

          I don't actually have any secrets on my cell phone. :(

          If she wants to read my old texts then that's fine but I hope she deletes them for me when she's done. It'd be nice if she'd clear out my voice mail for me too, now that I think about it. Worst case? She finds out I have drunk and stoned friends. Oh no!!

      • In practice, making fake fingers is not terribly hard. But shoulder-surfing PINs is even easier. Which is more secure? That depends on who you're trying to protect your data from. The FBI absolutely will make fake fingers and unlock your phone, but they may not have an opportunity to shoulder surf a PIN. Advantage: PIN. Your suspicious girlfriend probably won't make fake fingers, but has ample opportunity to shoulder surf you. Advantage: fingerprint.

        The reasoning goes; you can change your PIN every day, even several times per day. Fingerprints not so much. Advantage PIN.

    • Using a fingerprint for authentication is like using one unchangable password for every system. Bad practice!

      I have ten fingers, so it's not as bad as you think... Although, rotating though 10 passwords isn't all that secure either....

    • This sounds like an ideal job for homomorphic encryption. Compare a sample to a fingerprint without ever revealing the sample or the fingerprint to a third party.

  • by NotInHere ( 3654617 ) on Tuesday November 10, 2015 @05:58PM (#50904983)

    They aren't some super secret thing you try to keep secret from everybody. You not just leak your DNA everywhere, you leak your fingerprints too. And unlike passwords, you can't just simply change them.

    • by swillden ( 191260 ) <shawn-ds@willden.org> on Tuesday November 10, 2015 @06:30PM (#50905195) Journal

      They aren't some super secret thing you try to keep secret from everybody. You not just leak your DNA everywhere, you leak your fingerprints too. And unlike passwords, you can't just simply change them.

      Correct. The security of fingerprints, like all biometrics, derives not from the secrecy of the data (because it's not secret, particularly not your fingerprints), but because of the difficulty of providing someone else's data to the sensor.

      In an ideal world, with a sensor that is able to distinguish with 100% accuracy whether the finger (or whatever) it's being presented is real, live and attached to the person who is trying to authenticate, that would be really hard. In the real world, with the sensors on typical consumer devices, and in an unsupervised environment (i.e. no security guard watching to check that you aren't trying anything funny), it's really not very hard at all. Anyone who cares to can watch a YouTube video, spend $20 at the local hobby shop to get the materials, and spend a couple of hours turning an image of a fingerprint into a gummi finger which will fool most sensors. However, that doesn't mean it's worthless. It only means it's worthless against someone who is willing to do that.

      Compare this to a more common mobile device authentication method: a four-digit PIN. It's rather easy to shoulder surf a four-digit PIN, especially with the assistance of smudges, and particularly if you're a friend or family member of the target. In practice, friends and family members are the most common unwanted intruders on mobile devices. Against a typical person, who isn't likely to mess around with lifting prints and manufacturing fake fingers, a fingerprint -- weak as it is in absolute terms -- is stronger than a PIN or Android pattern.

      Even more important, many people find a PIN, pattern or password simply too cumbersome to use. Android's Smart Lock helps, by enabling the device to apply rules to determine when the device has probably not left your possession and to stay unlocked longer in those cases, but even that's too inconvenient for many. So that majority of mobile device users (on devices without FP scanners) don't use any lockscreen at all.

      Having no lockscreen is far less secure than fingerprint authentication, in case anyone is unclear about that.

      Thus, for people who would otherwise use no security, the extreme speed and convenience of a good fingerprint scanner makes it feasible to protect their devices. That's a big win for those people, even if someone messing with etching compounds and wood glue can get past it.

      IMO, the biggest problem with the current crop of mobile fingerprint sensors isn't the devices, sensors or software, it's the users' perception of them as very high security. They're not. They're relatively weak, but highly convenient security. As long as people don't expect too much from them, they're awesome.

      So, the bit about fingerprint template storage security is much ado about nothing. The new Android fingerprint subsystem (which I worked on) does a decent job. Templates are encrypted with keys that are inaccessible to the Android OS and kernel, and the matching of livescans against templates is likewise done where even a completely-compromised kernel can't alter or interfere. But that's actually not because templates are highly sensitive data. It's partly just good security hygiene and partly because the hardware-backed keystore can rely on fingerprint authentication to unlock secrets, and it doesn't make sense for it to simply trust the regular Android OS... since the reason that stuff is done in the secure context is so that compromises of the regular OS can't muck with it.

      • by BeerCat ( 685972 )

        IMO, the biggest problem with the current crop of mobile fingerprint sensors isn't the devices, sensors or software, it's the users' perception of them as very high security. They're not. They're relatively weak, but highly convenient security. As long as people don't expect too much from them, they're awesome.

        Just a pity that many of the advocates of biometrics have convinced themselves (and hence aim to convince others) that they are high security, rather than convenient security.

  • Your palm print or retina scan would have the same limitations.

    • by Anonymous Coward on Tuesday November 10, 2015 @06:04PM (#50905023)

      It means that biometrics should be the username, not the password.

      • It means that biometrics should be the username, not the password.

        No. This is just as wrong as viewing a fingerprint as a password. Biometrics make lousy identifiers. You still need to use a username when authenticating with a biometric. Biometrics work fine as authenticators but they work completely differently from passwords.

        I went into detail here [slashdot.org].

  • Am I the only one who immediately thought of amputation?

  • It doesn't matter... (Score:5, Interesting)

    by beelsebob ( 529313 ) on Tuesday November 10, 2015 @06:04PM (#50905025)

    The question isn't "is a fingerprint more secure than a password", it's "is a fingerprint more secure than no security". Most phone users didn't have any password on their device. Adding a fingerprint secured those devices.

    • Not only that depending on the setup it should be the daily use, but not the secure use.

      iOS 9 at least the fingerprint reader has a 48 hour lock code requirement. use the finger print scanner only to unlock your phone and once every 48 hours it asks you to unlock it with the passcode in addition to the number of tries to break.

      just do not willing unlock your phone. even if they drug you they will hit one of the two limits before unlocking the phone.

    • It doesn't matter...

      It does though.

      The question isn't "is a fingerprint more secure than a password"

      It is, that is actually the question that this article is attempting to answer, and also to prove. And they helpfully answer it right in the first paragraph: But you know what’s worse than a password? A fingerprint.

      it's "is a fingerprint more secure than no security"

      No one is asking that question, because it's a stupid question.

      Most phone users didn't have any password on their device. Adding a fingerprint secured those devices.

      No, it didn't. In fact, the title of The Fucking Article makes that pretty clear:

      YOUR UNHASHABLE FINGERPRINTS SECURE NOTHING

      Your fancy phone is not "secure" because you put your fingerprint on it. It's still n

      • Well, yes, except for the part where the iPhone requires the passcode in addition to the fingerprint after a certain period of time.
      • by KGIII ( 973947 )

        Using your metric, no computerized device, that is able to be powered on, is secure. While that'd be tough to argue against, there must be some reasonable middle ground for the sake of brevity. I think "more secure" is applicable and acceptable. Just like the TSA lock is more secure than no lock at all.

  • by throbber ( 72924 ) on Tuesday November 10, 2015 @06:08PM (#50905041)

    Fingerprints, in fact all biometrics, are not passwords -- they are usernames.

    In the 'perfect' security combination of { something you are, something you know, something you have }, they are the "something you are" part.

    • So I can only have 10 accounts per website? That's not nearly enough.
      • So I can only have 10 accounts per website? That's not nearly enough.

        Take off your shoes and socks and double the count...

      • by KGIII ( 973947 )

        Well, you've got toes. Just tell 'em that you're fat.

    • Yes, they can be used as part of a multi-factor security system, but as a single security factor, they don't work.

    • by unrtst ( 777550 )

      They may be like usernames, but usernames should be considered "something you are".
      Most people would argue that, like usernames, fingerprints shouldn't be considered as a auth factor (something you are), because of their inherent insecurity and availability.

      Please, before someone argues that "something you are" could be twisted to include X, Y, or Z, that's not helpful. "Something you have" could be twisted to mean the knowledge of the password, but that's not what it means. The common three factors mean:
      1.

      • by unrtst ( 777550 )

        Ugh... where's the "edit" button for my "clicked past the preview too quickly" nature?
        I meant to start that with:

        They may be like usernames, but usernames should NOT be considered "something you are".

      • They're all usernames. A username is a way to uniquely identify you. Whether it's a token, a password, or a biometric it's all just a way to identify you. The only reason we have usernames is so that we can look up the record for the identifier and compare the two.

        Think of it this way: If systems required that all passwords be unique, there would be no need for a username. If you have a token which is impossible to counterfeit, you need only a token for your identification. If you could provide a truely uni

  • by goodmanj ( 234846 ) on Tuesday November 10, 2015 @06:09PM (#50905047)

    Is that actually true, though? I thought law enforcement, at least, identified fingerprints via a series of distinctive "features" rather than a full image of the fingerprint. In theory, couldn't these features be listed as to their presence/absence and coordinates relative to the center of the fingerprint, creating a consistent hashable value?

    • Oh, they're nominally unique. The article merely argues that they are useless against someone who has the time, means, and knowledge to steal one of your devices which uses fingerprint authentication AND create a usable copy of your fingerprint from some other method.

      It's entirely possible to do so. It's quite difficult to do so without the targets knowledge.

      • they are useless against someone who has the time, means, and knowledge

        And this is really what any kind of security is about. It raises the effort and/or cost of accessing whatever is being protected. This is true whether it's your car (which thieves can break into in seconds) or your data. Given enough effort and money, any kind of security can be broken. The point, though, is to incur a cost high enough to protect an asset to a sufficient degree that thieves will be deterred.

    • Yes, if you put your finger in exactly the same orientation with the same pressure and your skin doesn't move either.
      Fingerprints aren't as easy to read as a QR code. They're attached to a flexible squishy thing.

  • I say this because I wonder whether there's a way for scientists to read a password from my memory. I doubt! I have one that consists of a special combination of my school registration numbers since grade 9. Unbeatable!

    To this sequence, I have added space, special keyboard characters from those number keys. It has worked for me for 21 years so far. One password of mine had 31 characters. All from my mind! No wonder the NSA can't beat this approach.

    • by KGIII ( 973947 )

      The NSA has a whole closet full of monkey wrenches. If not then they're buddies with the CIA who do have a whole closet full of monkey wrenches, ball peen hammers, and pliers. What were you saying about your clever and unbeatable system again? (My longest password is 15 characters. I suck. I'll tell them that they can't have it right up to the point where they get out the monkey wrench. After that, I'll give them said password - I might even give them yours.)

  • by JMZero ( 449047 ) on Tuesday November 10, 2015 @06:17PM (#50905097) Homepage

    It's more awkward to hash a fingerprint than a password, sure, but it's certainly not impossible. An image of a fingerprint is mutable and "analog" feeling, but you could, instead, base your fingerprint comparison on a more "digital" digest of information from that fingerprint (eg. you boil image data down to bits that are repeatable in the face of repeated scans, like you check whether feature X is significantly more prevalent than feature Y in this print).

    It'd be tricky, sure, and potentially impractical given current scan quality - but non-hashability is not some inherent limitation of fingerprints or biometrics in general.

    • eg. you boil image data down to bits that are repeatable in the face of repeated scans, like you check whether feature X is significantly more prevalent than feature Y in this print

      But you can't check if feature X is significantly more prevalent than feature Y if all you have to compare against is a hash of the features. That's the point. And, no, you can't usefully hash the individual features independently because the sample space of each is too small. If there are only, say, 10 bits of entropy in the hash of each feature, you can brute force each of them independently and de-hash the template, so the hashing was useless.

      However, hashing of fingerprint templates is pointless anywa

      • by JMZero ( 449047 )

        I'm not suggesting hashing the image, I'm suggesting hashing a stable digital digest, the contents of which might be determinations like "are there significantly more of feature X than Y" that were repeatable. I thought that was clear?

        Your next point is a reasonable possible problem with practicality - if your "stable digest" is too small then it obviously won't work. But there's no reason this digest couldn't be usably large with a scan of appropriate quality; to be clear, I'm taking issue with the idea

        • On hashing, it really doesn't matter, even if it is feasible. And if it were, it would have been done.

          And I would say fingerprints are secrets to some extent.

          When thinking about security, you should assume they're public knowledge. If they happen to be less available than that, then you're in better shape than you thought. But given that they're not rotatable and are left everywhere, no good security design should be based on the premise that fingerprints are secret.

        • You were clear. We are all looking forward to your implementation.

          I'm taking issue with the idea that hashing a fingerprint is impossible in principle, I'm not saying it would practically work right now in realistic scenarios.

          How about in unrealistic scenarios? Because half of the new and cool stuff mentioned on this website is rubbished because it's not practical in reality. And then someone refines it, so then it is realistic.

          Are you talking about having an indicator for ridge A, with a radius relativ

    • by Sique ( 173459 )
      The problem is that you have to compare the received image with the stored one, and then calculate the distance. If the distance is smaller than a certain treshold, the image is accepted.

      A hash can't do that. Actually, a hash is designed to not allow that. The distance of two sources should always be completely unrelated to the distance of the respective hashes.

      • by JMZero ( 449047 )

        I don't think you read my post?

        My whole point is that you don't have to compare image to image. I'm saying that you could take a fingerprint image and digest it into a set of boolean qualities that are stable for various images of that fingerprint (ie. this one has significantly more dipsees than doodads, so that can be a bit in our stable digest). Then you hash that digest and store it. For a new authentication attempt, you do the similar digest and hash, and the two hashes have to match (like a normal

      • by KGIII ( 973947 )

        Err... I could be wrong but fingerprint scanners don't actually store images these days. They store data points. Ridge x was in this location in relation to feature Y which is in this location compared to feature C, etc...

        Someone on Slashdot works in the industry and explained it quite nicely a few years ago. It was verified by a few other posters. So, I could be wrong but that's my recollection in simple KGIII-acceptable-terms. They don't store images, don't compare images, etc... That's why your finger ne

  • Naive analysis (Score:5, Interesting)

    by Anubis IV ( 1279820 ) on Tuesday November 10, 2015 @06:28PM (#50905171)

    The whole suggestion that fingerprints cannot be hashed or are unhashable is rather preposterous. The author points out that a tiny flaw in a fingerprint can result in the hash being different, and he may very well be right that that happens, but that's an implementation issue, not an inherent problem with hashing fingerprints. After all, if you're doing things properly, you won't be hashing the raw raster scan of the fingerprint itself, but rather a normalized/filtered vectorization of the fingerprint that can be trained to ignore slight discrepancies like those.

    Will it be perfect? Nope. Will it allow for mismatches (i.e. hash collisions)? Absolutely, but if you implement your normalization/filtering properly the hash collisions should only occur once in a blue moon, just the same as they do with normal passwords (e.g. Apple says the chances of a random match are 1 in 50,000 with Touch ID; see page 8 of their iOS Security document [apple.com]).

    When you get down to it, this problem isn't much different from how YouTube or Shazam do their content matching, namely, they can take some sort of noisy data, apply a set of filters, generate a hash/fingerprint of the relevant data, then do a quick search based on that hash, rather than trying to actually match the noise in the coffee shop I'm in against the millions of tracks they've sampled. There are differences between those problems and this one, to be sure, and simply encrypting the fingerprint instead of hashing it does make things a LOT easier to implement (e.g. Apple doesn't hash fingerprints, but they do take the extra step of discarding minute details that would be necessary to reproduce a fingerprint before they encrypt it for later use), but to suggest that fingerprints are unhashable just seems silly. We're in the early days of fingerprint scanners in widespread use, and I'd expect that things will head in that direction with time.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      YouTube or Shazam [...] generate a hash/fingerprint of the relevant data

      I doubt they hash anything. The output of the set of filters gives a point in high-dimensional space, and they run a nearest-neighbor algorithm on it. The coordinates might get discretized, but not hashed. Hashing at any point in the process is counter-productive because hashing causes two nearby values to become very different, so you lose distance information unless the distance is exactly 0.

      • by Copid ( 137416 )
        I think the overall point is that if you quantize the point in high dimensional space aggressively enough and then hash that value, you're in business. The problem is designing the features such that you can do the quantizing without creating a bunch of collisions. Unfortunately for fingerprinting, that's a tall order. You're limited to metrics that are invariant over the plastic deformation of the fingerprint as you mush it against the sensor. People would be surprised at the number of different ways a
    • 1 in 50,000 is pretty unsecure if you ask me. That means that there are 200 people in a million that can get into my phone...

      Why not increase the hash size? Because, then you have to come up with some way to account for the physical variations between scans of the same finger, so you lower the hash size and sacrifice the false positive rate to get a lower false negative rate.. There is the real problem with the hash idea, it involves trade offs between convenience and security... The best security involv

  • by Stormy Dragon ( 800799 ) on Tuesday November 10, 2015 @06:28PM (#50905175)

    Fingerprints cannot be hashed. By their very nature, each read of your fingerprint will be a little different, which breaks the hashing method.

    Just pre-process them with something like SIFT to eliminate the variations introduced from one reading to the next and hash that.

  • I can also extract a cryptographic code from a fingerprint, and it can be revoked and a new one made.
    I know this sounds impossible, and nobody but me seems to have made a good system for this.
    Probably because the math is quite tricky and unpublished.

    • ... and this comment would give too few space to write down the beatiful proof?

      • by Kim0 ( 106623 )

        ... and this comment would give too few space to write down the beatiful proof?

        No, but I see no point in giving it away for free.

        • Why not? I remember seeing an example of how to hash fingerprints something like 20 years ago. It may not work with the current fingerprint checking tools but it went something like this:

          1. user (fingerprint owner) Generates a random image the size of the fingerprint image.
          2. Add error correcting - e.g. an R-S code on the rows and columns
          3. Hash this resulting data
          4. XOR the image in 2 with the fingerprint.
          5. Send 3 and 4 to the person who wants to verify the users fingerprint later.
          (User might want to save

          • by Kim0 ( 106623 )

            That method will usually fail because fingerprints are deformable.

            And I need money to survive. My knowledge might help me get money, by selling it.

  • by strredwolf ( 532 ) on Tuesday November 10, 2015 @06:35PM (#50905243) Homepage Journal

    Someone forgot to tell Apple that they're not hashable... because that's how they're storing them.

    But then, you don't use them as a key to encrypt, you use them to *verify* that you are you. This takes care of dumb people trying to break into your phone. The smart ones just open up the phone and try to read the flash and security EEPROM directly.

  • by Anonymous Coward

    Just ask the FBI if fingerprints can be hashed. They've been doing it for decades as part of AFIS - the Automated Fingerpritn Identification System.

    In a nutshell: Software looks for minutae in the print - locations of whorls, loops, valleys, etc. Once those are located it decides where they are relative to each year, then puts those relative coordinates into bins. The smaller the bins, the less tolerance there is for variability like being squished hard against the scanner and spread out. If you set y

    • Except if you know what the bins are and the algorithm, you can generate fingerprints that will match them.
      Sure, what you've described is a hash and it's great for hashtables and indexes, but I think what was implied is a cryptographically secure hash.

  • Most match protocols use point algorithms to store the points and patterns.

    The fact that you've never seen this does not mean we don't have it. We just don't tell you.

    However, all biometrics are highly hackable. Including and especially facial recognition.

    The chief way to stop people is to pay attention to your actual vulnerabilities and concentrate on those, and vary the more easily defeated protocols.

    Stop believing movies. Most of what you see in those are fake.

  • I assume Theft refers to someone cutting off your thumb and Brute Forcing refers to a brute putting you in a headlock while his partner forces your thumb onto the sensor.

  • We keep talking about passwords as if they were some magical key. They're not. They're no different, on a theoretical basis, than a unique physical token or a unique biometric - it's simply a means for you to verify WHO YOU ARE. There are no passwords, only versions of usernames.

    Yes, fingerprints can be copied. As can usernames. Tokens can be stolen. Passwords can be beaten out of you (and I use beaten in a general sense, not necessarily a physical one). Using two of those will prove to be rather difficult

  • Even worse.... (Score:4, Insightful)

    by mark-t ( 151149 ) <markt AT nerdflat DOT com> on Tuesday November 10, 2015 @07:11PM (#50905495) Journal

    .... there is absolutely nothing that you can actually do, barring the use of what would probably amount to excessive physical violence, to prevent someone from taking your fingerprints who is intent upon doing so.

    You can, at least, refuse to divulge your passwords.

    • .... there is absolutely nothing that you can actually do, barring the use of what would probably amount to excessive physical violence, to prevent someone from taking your fingerprints who is intent upon doing so.

      You can, at least, refuse to divulge your passwords.

      Sure, but then you're pretty much leaving yourself to this:
      http://www.explainxkcd.com/wik... [explainxkcd.com]

      • by mark-t ( 151149 )
        You still have to give the passwords willingly... whether you are willing only because you are being tortured or under extreme duress is irrelevant, another party must take measures to directly influence your mental state in order to obtain the password, and even then, there is no guarantee of success. Your fingerprints, however, can be taken whether you object to them being taken or not, and do not require your cooperation to obtain.
  • by FrankSchwab ( 675585 ) on Wednesday November 11, 2015 @12:24AM (#50906821) Journal

    Finally, a slashdot topic where I can be informative. Disclaimer: I work in the industry building fingerprint sensors.

    Fingerprints aren't perfect security. As so many others have pointed out, you leave them everywhere. That doesn't mean that they're not useful.

    1. It's extraordinarily difficult to create a fingerprint spoof from a latent print. Yes, there are people who can do it - I can do it - but it's not easy. Notice on the videos of breaking into the iPhone 5s or 6 that latent prints are taken from a single fingerprint placed carefully on a squeaky clean screen. On your average phone, not so much. Someone who picks up my phone off the seat in a subway will be incapable of breaking in - unless I've just cleaned the screen with windex and carefully placed my fingerprint on it.

    2. A fingerprint on a phone makes an excellent two-factor authentication system. The average hacker in east Elbonia can't break fingerprint security - because they don't have my phone or my fingerprint.

    Perfect? No, but strong? Yes.

    • 1. It's extraordinarily difficult to create a fingerprint spoof from a latent print. Yes, there are people who can do it - I can do it - but it's not easy. Notice on the videos of breaking into the iPhone 5s or 6 that latent prints are taken from a single fingerprint placed carefully on a squeaky clean screen. On your average phone, not so much. Someone who picks up my phone off the seat in a subway will be incapable of breaking in - unless I've just cleaned the screen with windex and carefully placed my fingerprint on it.

      This is not true, unfortunately. It is true that most devices will have a set of partial prints on them, but it's not actually that difficult to assemble them into a whole print, especially if you're okay with making a whole batch of gummi fingers. You simply apply feature extraction to the partial prints, match up common features across the partials and generate a set of candidate full prints. Doing this requires some software knowledge, but not really that much. I expect to see open source libraries that

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...