[alkonaut]

The only time I have used fingerprints for flights is for bag drop. That is, the fingerprint verifies that the same person dropping the bag is the one that later boards the flight. In that scenario the fingerprint is not needed after that, and I'm sure there is no regulatory permission to store biometric data for any longer period of time than necessary, which is only until the plane leaves. I haven't seen these systems in a while though so its possible that newer regulation like the GDPR even made them too cumbersome to maintain. Of course there is a risk of compromise in such a system, but if someone wanted your fingerprints specifically it would probably be easier to get them from your car door than hacking an airport system.

Fingerprints for unlocking is not very secure it's just a convenience. Consider it to be equivalent to face unlocking. Anyone who is determined enough will bypass it. Whether it's secure enough depends on your threat model. I trust face unlock to prevent my kids unlocking my phone but that's a whole different kind of threat model from a state actor.

[eesmith]

> I trust face unlock to prevent my kids unlocking my phone but that's a whole different kind of threat model from a state actor.

As long as you keep the default of requiring attention, face lock is likely safer than a fingerprint from the kid threat vector.

"Fox News reports that six-year-old Ashlynd Howell from Arkansas spotted her mother Bethany taking a nap on the couch. The girl then took her sleeping mother’s thumb and placed it on her iPhone’s fingerprint reader to unlock the device, all so she could order $250 worth of Pokémon merchandise on Amazon." - https://wsvn.com/news/us-world/6-year-old-uses-sleeping-moms...

"Cryptographic expert Matthew Green has found his son Harrison bypassing the security measures, CNN Money reports, by swiping the phone with his thumb while he slept" - https://www.dailydot.com/debug/touch-id-child-iphone-unlock/

Though depending on how deeply you sleep:

"Man opens eyelids of sleeping girlfriend to unlock her phone, steals over Rs 18 lakh from her bank app" - https://www.indiatoday.in/technology/news/story/man-opens-ey...

and from five years ago: "Heavy sleepers, beware: Researchers bypass Apple FaceID using glasses with tape" - https://www.digitaltrends.com/mobile/apple-faceid-tricked-by...

Bonus: "Face ID shown unlocking for family members who aren’t alike" - https://bgr.com/tech/iphone-x-face-id-hack-family-members/ with the suggestion that Face ID continuously updates the facial features, and by sharing the phone the recognition algorithm may have ended up trained on both faces.

[Symbiote]

In which country was that? You mention GDPR, but I've not seen it in the ~10 EU countries I've used airports in in the last few years.

[alkonaut]

That was Sweden. I googled and it was introduced around 2007 in several airports but I can’t see when it was discontinued but I think it was around a bit into the 10’s at least. It has definitely not been used in the last 5 years in those airports and possibly not even the last 10.

[Symbiote]

I probably just missed it.

I mostly use the main airport of southern Sweden — Copenhagen.