Hacker News new | ask | show | jobs
by simonholroyd 4666 days ago
>> I'm very careful with my fingerprints.

What does that even mean? You wear gloves in public all the time? You wipe down everything you touch?

Which makes me wonder, aren't one's finger prints all over your iPhone exterior anyway. If someone steals one's phone wouldn't it be easier to dust it for prints than crack the security on the digital copy?
2 comments
iyulaev 4666 days ago
Which makes me wonder, aren't one's finger prints all over your iPhone exterior anyway. If someone steals one's phone wouldn't it be easier to dust it for prints than crack the security on the digital copy?

Ding ding ding! We have a winner.

Almost as silly as not using a biometric logic because "what if they use a backdoor to get a photo of my face?"

link
hadem 4666 days ago
Right but his also assumes that you have physical access to the device! That, and a finger printing kit and time to spare...
link
minor_nitwit 4666 days ago
Which makes the idea of a fingerprint reader on a phone somewhat nonsensical. Your password is all over the phone, and Mythbusters has proven how easy these are to fake.
link
LaGrange 4666 days ago
Actually, it doesn't, because properly used biometric isn't a sole auth method. You want to use it coupled with at least a pin - then suddenly just looking over your shoulder isn't enough, you have to handle the phone carefully, or steal the fingerprints off your glass. That's more work, and makes it more costly and skill intensive. It's not impenetrable, but still quite efficient.
link
minor_nitwit 4664 days ago
Good point. If it's two or more factors then the weakness of the fingerprint factor is not such a big deal. Is the iPhone 2 factor?

I think there is too much of an emphasis on using uniqueness for security. The idea is that if "It could only be you!" you are secure.

The sci-fi vision is a world where a fingerprint or retina scan is taken and that's it. There's no username needed, just the fingerprint itself is enough to confirm your identity. In reality, the idea of uniqueness for security actually would create security problems, because it removes the other factors involves, and biometric codes like fingerprint cannot be changed as needed (technically a fingerprint can be changed 9 times. A voice on the other hand cannot.)

An NFC tag/card/ring, seems much better to me, since these can be changed as needed and would be more difficult to hack than taking a fingerprint off the phone.

An armed thief could steal your ring or fob along with the phone, but they could also make you use your finger to unlock your phone for them. So I don't think that's really any added protection in that situation.

The thief that just grabs your phone off the counter or out of your pocket will have a much tougher time with the NFC tag than with the fingerprint.

link