|
|
|
|
|
|
by rakoo
891 days ago
|
|
|
> The fingerprint is a second factor ("something you are"), a way to make sure the device is in your hands and not someone else's hand. > Your fingerprint itself is already available to anyone who cares. In that case your fingerprint can't prove you're here then |
|
|
Ie, if I replicated your fingerprints from a drink glass in a bar, I'd likely not know your name (username) or password, which would be the first factor.
Equally if I got your credentials from a dark web leak, I'd not know your biometrics, which would be your second factor.
It isn't foolproof, but it is certainly significantly more secure than just making your password more complex.
That said, I do prefer fingerprints being an identifier (or username) rather than a credential, but as part of an MFA process I feel it adds value.