by fart32 1815 days ago
Would you mind sharing a few of them? I use a fingerprint reader on my phone and laptop, is there a reason I shouldn't? Face recognition is something I have a problem with. I don't like cameras, especially those you cannot unplug.
3 comments

Not OP, but...

Fingerprints, as far as most readers are concerned, aren't too difficult to duplicate sufficiently.

You can obtain someone's fingerprints from photos, as the German defence minister found out years ago[1]. Also you leave them everywhere and your laptop is likely covered in them. You can't effectively change or revoke them.

You can reproduce them with varying levels of success with Photoshop, a laser printer, gelatin and some home PCB etching gear.

And unlike passwords, there's no 5th amendment right covering them for Yanks. (The latter is debatable for passwords, but is absolutely not for fingerprints.)

They may be "good enough" security, depending on your threat model. But they're pretty shit for security, all things considered.

[1] https://arstechnica.com/information-technology/2014/12/polit...

> And unlike passwords, there's no 5th amendment right covering them for Yanks.

Good point, thank you.

For biometrics in general, there's a huge list, starting from cannot change and therefore rely on the implementation, all the way down to hard to deny that I have access. While I can say, no, I don't have a password to this random device you are showing me, with biometrics, you can just wave it in front of my face and it unlocks. Maybe even when I am asleep / unconscious.

For the specific case here, about my laptop: for instance, I can't simply hand the notebook to my dad, _telling_ him the password and he's good to go. This is the downside where I can't simply share a (biometric) login, even if I want to. Which also means that every access automatically implies that it's really me, and not someone else I just gave quick access to without reconfiguring the system.

I see. I don't find the lack of ability to share a device as a problem, but I can understand your first point.

On a side note, I was thinking about using both - password/PIN (something I know and must be conscious to provide) AND a fingerprint. Sadly, Windows Hello can't be configured this way.

Yeah, it's a real shame that combining them isn't more common.

I would also like more granular control, like a PIN+fingerprint when I'm connected to my home network and a full passphrase when not, i.e. when I'm travelling or whatever. If I know I'm going to be home for the evening and nobody else is around, it would be nice to not have to use anything at all.

Biometrics are typically immutable. If your password gets compromised, you can simply change it. You can't change a fingerprint.
That's actually the problem. You can't change a fingerprint, but you can fake one.