Slashdot Mirror

← Back to Stories (view on slashdot.org)

Unhashable: Why Fingerprints Are Weaker Security Than Passwords (hackaday.com)

Posted by Soulskill on from the but-i-carry-them-with-me-almost-everywhere dept.

szczys writes: Fingerprints aren't terribly secure; you leave them on almost everything you touch. Many people won't realize that fingerprints can be captured and reproduced from casual photographs. It's actually worse than that. The very method with which fingerprints are stored is much weaker than passwords. Fingerprints cannot be hashed. By their very nature, each read of your fingerprint will be a little different, which breaks the hashing method. They can only be stored using encryption, which requires the same master password each time a new print read is compared to the stored key — a much weaker method than salted hashes. This more easily opens fingerprint credentials up to theft and brute forcing.

4 of 242 comments (clear)

  1. Bad practice. by Aethedor · · Score: 5, Insightful

    Using a fingerprint for authentication is like using one unchangable password for every system. Bad practice!

    --
    It doesn't have to be like this. All we need to do is make sure we keep talking.
    1. Re:Bad practice. by jafiwam · · Score: 5, Insightful

      Using a fingerprint for authentication is like using one unchangable password for every system. Bad practice!

      Not to mention fingerprint authentication or encryption is not Fifth Amendment protected.

  2. Re:What does this mean for biometrics in general? by Anonymous Coward · · Score: 5, Insightful

    It means that biometrics should be the username, not the password.

  3. Fingerprint are not passwords by throbber · · Score: 5, Insightful

    Fingerprints, in fact all biometrics, are not passwords -- they are usernames.

    In the 'perfect' security combination of { something you are, something you know, something you have }, they are the "something you are" part.