[afarah1]

Biometrics is just something else to get leaked, terrible idea because it's even more sensitive (can be used to track you through cameras for example, like used in the Iran war).

This problem has long been solved with federated IdPs and MFA - something you own like OTP device/physical token besides something you know like SSN/tax id/password.

Most governments prefer biometrics of course because citizen privacy is the opposite of what they want.

[whyagaindavid]

I would not go that far to say all govts are like that. The main problem is majority of citizens cannot easily remember such things. Even simple PIN that is included in EU ID cards - most people don't remember or use. people want frictionless use.

[yladiz]

> Most governments prefer biometrics of course because citizen privacy is the opposite of what they want.

Or... it's something that you always have on you which is incredibly hard to fake.

[jerf]

You shouldn't model it as incredible hard to fake. It isn't. It's harder that typing a password you've stolen into a web site, but if you set out to do it, it's not that much harder.

This is the primary reason I'm against biometrics used for identity. Yeah, the privacy invasion is a problem, but I think that's completely dominated by the fact that if everyone uses it, it will be leaked, and once leaked, can indeed be quite practically faked. If used as a password, it's a password you can never change. That is useless.

The difficulty of overcoming a security measure should be greater in cost than the thing it is valuing. The cost of, for instance, replicating a fingerprint given a photo of it, is basically a home hobbyist project for the weekend. Check out Youtube for many people who have done exactly that and give instructions how. When the cost of bypass is "home hobbyist project on a weekend", the value of what it should be expected to protect is correspondingly low.

(In fact I don't even use it on my cell phone, with all its access to bank accounts and amazon accounts and other ways to spend my real money. The idea of a password to all that stuff that I leave arbitrary copies of sitting right on my screen is completely absurd. Everything important is locked behind codes and passwords. It's less convenient than fingerprints but at least those offer actual security.)

You also have to bear in mind the costs of the biometrics gathering. If you have a physical guard watching someone do a retinal scan and verifying that they have put their real eye up to it, you're at least on track to something that takes a lot of resources to overcome, especially if it's in combination with other techniques of identification. If you don't have that, now we're back to "how cheaply can we replicate whatever passes for a retina with this scanner" and that's likely to be cheaper than most people think. Real-world biometrics are in places where attackers can perform arbitrary attacks with impunity.

[anonym29]

Biometrics are the only credential you can't roll after compromise.

[lostlogin]

It depends what the biometrics are. There have been successful hand transplants, so new finger prints are possible, but completely impractical.

https://en.wikipedia.org/wiki/Hand_transplantation

[ntoskrnl_exe]

Thinking about it, I probably wouldn't remember to change my fingerprints to the new ones with all the services I use, I'd probably have to carry my "legacy fingerprints" wherever I go for some time to avoid a lockout.

[tombrandis]

kind of but others are hard as well... most people don't change their name, date of birth or even email address when they are leaked.

[anonym29]

These aren't really "credentials" in that they're not secret the way your iris/retina pattern, fingerprint pattern, password, pin, secret key, or security token are.

Your name, DoB, and email address are identifiers, yes, but aren't really authenticators - they're more like a username, not a password.

[artursapek]

this is exactly my problem with them

[flakeoil]

> something you know like SSN/tax id/password

How can you equal an SSN/Tax id with a password? The SSN/Tax id is more or less public knowledge while a password is not.

[rawgabbit]

Maybe in the future, our driver licenses will become a physical token?