by Nextgrid 1357 days ago
Most modern biometric auth is implemented by the biometric device acting as an HSM and only agreeing to perform the cryptographic operation with its secrets if the proper biometrics are provided. Biometrics are never directly sent to the service you're authenticating to; instead, it uses a form of PKI in the background where your biometric device is an HSM storing the client certificate.

This is less secure against dedicated attackers with physical access, but much more secure against remote attackers, as there's usually no way to provide the biometrics to the HSM in software, and the authentication key from the biometric device can't be stolen, so you must keep persistent access to it to be able to use it every time you need to authenticate.
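The flow the comment describes, as an added example that is not part of the original post: a device model holding an Ed25519 private key that is never exported, a matcher gate in front of the signing operation, and a server that stores only the public key and issues a fresh random challenge per login. The matcher is a hash comparison of a constructed template, a stand-in for a real fuzzy biometric matcher (an assumption for illustration, as are all names here).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// BiometricHSM models the secure element: the private key lives only in this
// struct and is released for signing only after the biometric gate passes.
type BiometricHSM struct {
	priv            ed25519.PrivateKey
	enrolledTmplSum [32]byte // hash of enrolled template (simplified matcher)
}

// NewBiometricHSM enrols a template and generates the key pair inside the
// device; only the public half is ever handed out.
func NewBiometricHSM(template []byte) (*BiometricHSM, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &BiometricHSM{priv: priv, enrolledTmplSum: sha256.Sum256(template)}, nil
}

// PublicKey is what gets registered with the service (the "client certificate").
func (h *BiometricHSM) PublicKey() ed25519.PublicKey {
	return h.priv.Public().(ed25519.PublicKey)
}

// Sign returns a signature over the server's challenge only when the presented
// biometric matches; there is no software path that returns the key itself.
func (h *BiometricHSM) Sign(presented, challenge []byte) ([]byte, error) {
	sum := sha256.Sum256(presented)
	if subtle.ConstantTimeCompare(sum[:], h.enrolledTmplSum[:]) != 1 {
		return nil, errors.New("biometric mismatch: device refuses to sign")
	}
	return ed25519.Sign(h.priv, challenge), nil
}

// Server stores public keys only; a breach of it leaks nothing usable to log in.
type Server struct {
	registered map[string]ed25519.PublicKey
}

func NewServer() *Server { return &Server{registered: map[string]ed25519.PublicKey{}} }

func (s *Server) Register(user string, pub ed25519.PublicKey) { s.registered[user] = pub }

// NewChallenge returns a fresh 32-byte nonce; reusing one would permit replay.
func (s *Server) NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	return c, nil
}

// Verify accepts the login if the signature over this challenge verifies
// under the user's registered public key.
func (s *Server) Verify(user string, challenge, sig []byte) bool {
	pub, ok := s.registered[user]
	if !ok {
		return false
	}
	return ed25519.Verify(pub, challenge, sig)
}

// RunScenario exercises three cases: a legitimate login, host malware that can
// talk to the device but cannot supply the finger, and a replayed signature.
func RunScenario() (legit, wrongBio, replay bool, err error) {
	fingerprint := []byte("constructed-fingerprint-template") // constructed sample
	dev, err := NewBiometricHSM(fingerprint)
	if err != nil {
		return
	}
	srv := NewServer()
	srv.Register("alice", dev.PublicKey())

	c1, _ := srv.NewChallenge()
	sig1, err := dev.Sign(fingerprint, c1) // correct finger on the device
	if err != nil {
		return
	}
	legit = srv.Verify("alice", c1, sig1)

	c2, _ := srv.NewChallenge()
	_, err2 := dev.Sign([]byte("not-alice"), c2) // malware cannot present the finger
	wrongBio = err2 != nil

	replay = srv.Verify("alice", c2, sig1) // captured sig1 against a fresh nonce
	return
}

func main() {
	legit, wrongBio, replay, err := RunScenario()
	fmt.Println("legit:", legit, "wrongBio refused:", wrongBio, "replay accepted:", replay, "err:", err)
}
```

Run with `go run .`; the expected outcome is a successful legitimate login, a refusal for the wrong biometric, and a rejected replay. Real deployments also bind the signed data to the relying party's identity so a phishing site cannot forward challenges; that binding is omitted here to keep the challenge-response mechanism in focus.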