Slashdot Mirror

← Back to Stories (view on slashdot.org)

Unhashable: Why Fingerprints Are Weaker Security Than Passwords (hackaday.com)

Posted by Soulskill on from the but-i-carry-them-with-me-almost-everywhere dept.

szczys writes: Fingerprints aren't terribly secure; you leave them on almost everything you touch. Many people won't realize that fingerprints can be captured and reproduced from casual photographs. It's actually worse than that. The very method with which fingerprints are stored is much weaker than passwords. Fingerprints cannot be hashed. By their very nature, each read of your fingerprint will be a little different, which breaks the hashing method. They can only be stored using encryption, which requires the same master password each time a new print read is compared to the stored key — a much weaker method than salted hashes. This more easily opens fingerprint credentials up to theft and brute forcing.

11 of 242 comments (clear)

  1. Bad practice. by Aethedor · · Score: 5, Insightful

    Using a fingerprint for authentication is like using one unchangable password for every system. Bad practice!

    --
    It doesn't have to be like this. All we need to do is make sure we keep talking.
    1. Re:Bad practice. by jafiwam · · Score: 5, Insightful

      Using a fingerprint for authentication is like using one unchangable password for every system. Bad practice!

      Not to mention fingerprint authentication or encryption is not Fifth Amendment protected.

    2. Re:Bad practice. by swillden · · Score: 4, Insightful

      Using a fingerprint for authentication is like using one unchangable password for every system. Bad practice!

      Complete nonsense.

      You're equating fingerprints with passwords. They're not passwords. Password security derives from the secrecy of the password. Anyone who knows the password can enter it, but we presume attackers can't enter it because they don't know it. Fingerprint security derives from the difficulty of presenting the known value to the sensor. Everyone knows your fingerprint (you leave them everywhere!), but we presume attackers can't enter it because they only have a picture of it, not a finger with it.

      In practice, making fake fingers is not terribly hard. But shoulder-surfing PINs is even easier. Which is more secure? That depends on who you're trying to protect your data from. The FBI absolutely will make fake fingers and unlock your phone, but they may not have an opportunity to shoulder surf a PIN. Advantage: PIN. Your suspicious girlfriend probably won't make fake fingers, but has ample opportunity to shoulder surf you. Advantage: fingerprint.

      Which is better for you? You decide.

      In practice for most people the choice isn't between fingerprint or password, it's between fingerprint or nothing, because a password is just too inconvenient. Advantage: Fingerprint, by a very, very large margin.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    3. Re:Bad practice. by tlhIngan · · Score: 3, Insightful

      And Apple actually treats fingerprints as less secure - the real reason you have fingerprint readers is because it lets you be more secure than the default no PIN or passcode on your phone. The problem of this is human - the typical use case for a phone is you access it thousands of times a day for a few seconds each time. Entering a PIN or passcode makes it so much less convenient that much fewer people (less than 50%) actually do it. But a fingerprint that can be read while the phone is waking up means it's ready to go when you are, and you can have a passcode because that goes out of the way most of the time. Even better, it can be a complex passphrase that you type out - if you're only doing it a few times, it's a lot less inconvenient.

      And that's why Apple justified the use of the fingerprint reader - it's less secure, but it's also way more convenient, and if you're not entering your password 1000 times a day, you're more likely to use it. Of course, some people go overboard with their passcodes...

      But Apple also realizes the fingerprint is not the be-all end all, hence the rules where if you reboot the phone, or not use it for 48 hours, Apple demands you enter the passcode. The passcode still rules, and if the fingerprint reader goes awry, you can still unlock with it.

    4. Re:Bad practice. by Applehu+Akbar · · Score: 3, Insightful

      Your fingerprint is the best password you will actually use. I do residential IT services in an area heavy with retired people, and the biggest problem I face is forgotten passwords. It's not supposed to be good advice, but I tell all of them to write every password down in at least two non-obvious places, because otherwise they will be forgotten. I keep running into users who have no machine password, or "12345" because "I wouldn't remember it!"

      Better you think of a good password, and write it down.

    5. Re:Bad practice. by Mashiki · · Score: 3, Insightful

      Is this the case? I mean, every time I put my phone in my pocket, it cleans off my screen including the fingerprint sensor. I do that explicitly too, at least once a day too.

      Sure, since you probably forget to clean the underside of the back panel and battery as well. Your fingerprints are likely on there somewhere, and if someone really wants your print and device and you are careful they'll likely follow you and wait for you to leave something behind that'll give a great print. Like a piece of paper, glass, can, other portable hard surface or even go digging through your trash for it.

      Fingerprints are a shit security measure.

      --
      Om, nomnomnom...
  2. Fingerprints are public information by NotInHere · · Score: 4, Insightful

    They aren't some super secret thing you try to keep secret from everybody. You not just leak your DNA everywhere, you leak your fingerprints too. And unlike passwords, you can't just simply change them.

  3. Re:What does this mean for biometrics in general? by Anonymous Coward · · Score: 5, Insightful

    It means that biometrics should be the username, not the password.

  4. Fingerprint are not passwords by throbber · · Score: 5, Insightful

    Fingerprints, in fact all biometrics, are not passwords -- they are usernames.

    In the 'perfect' security combination of { something you are, something you know, something you have }, they are the "something you are" part.

  5. Re:What does this mean for biometrics in general? by glenebob · · Score: 4, Insightful

    You don't think it has anything to do with an utter pain in the ass it is to keep track of user/password and private/public key pairs, vs how simple a bio-scan is?

    Bio-scans are easy to understand in practice. You walk up to a thing and touch it/look at it, and you're in. That's the appeal.

  6. Even worse.... by mark-t · · Score: 3, Insightful

    .... there is absolutely nothing that you can actually do, barring the use of what would probably amount to excessive physical violence, to prevent someone from taking your fingerprints who is intent upon doing so.

    You can, at least, refuse to divulge your passwords.

    --
    File under 'M' for 'Manic ranting'