[logifail]

> Biometrics are a terrible choice for sensitive information [..] It is easier to push your thumb on a screen than to pry a password out of your head

It's way worse than that, you may only need photographs of someone's thumb:

https://arstechnica.com/information-technology/2014/12/polit...

[CableNinja]

You can also just use a gummy bear https://www.theregister.com/2002/05/16/gummi_bears_defeat_fi...

[logifail]

The gummy bear method needed actual fingerprints from the victim (for instance lifted from a glass the victim had touched).

The CCC improvement worked merely from photos of the victim's thumb...