Hacker News
by giantrobot 728 days ago
The biometric data is not your password. It's used to unlock a session token. Getting that session token requires a "what you know" password. There are lots of events that invalidate that session token, not the least of which on phones is multiple presses on the lock button (on iOS at least).

Yet in many cases it is. I've come across various systems where there is no "what you know" password, only a "what you look like" password.
Yup. I guess if you don't do much of this, "it's not a password" sounds like "there's no risk".