Fingerprint readers: can they be trusted?

[Almeuit]

That's what the back up password or pin is for. If your hand is dirty out have gloves on, you can enter the backup pin our pass.

This. All Fingerprint scanners require a backup password to be set for this very reason.

 

[Tsepz_GP]

This was more of a conversation thread than a help one.



What do you mean? If someone has your fingerprint, they can't use it somewhere else?

What he is saying is that your Fingerprint in your phone works more like a Password, it's a digital signature, your actual print is not kept,just a digital code of it.

 

[dlalonde]

Well... some of those articles are tricky. Security related stuff can sometimes come from some super-paranoid types who think there is a small team of govt spies dedicated to pouring over every aspect of their life. Now, while there ARE teams like that in existence, they are usually focusing on the sketchy dude that lives out in the woods that happens to be buying up an awfully large amount of ammonium nitrate and a bunch of 55 gallon drums.

Now, is NOT using a fingerprint 'safer' than using one? Technically speaking, it is... but there hasn't been a single instance that I've read about where someone hacked a phone and got someone's fingerprints to be used for ill begotten gains. There have been some security types that have shown that you can defeat FPS systems, but every single one required the nefarious marauder to be a) technically savvy and b) have the phone in hand. And someone of that ilk will get in your phone, FPS be damned.

Most every time a phone is stolen, it's by some loser who'll try to turn it around for a quick buck.

Ha ha ha!! I love that answer!

What he is saying is that your Fingerprint in your phone works more like a Password, it's a digital signature, your actual print is not kept,just a digital code of it.

Oh I see. And I'm guessing it can only be read by Android right?

 

[Tsepz_GP]

Ha ha ha!! I love that answer!



Oh I see. And I'm guessing it can only be read by Android right?

I believe so.

 

[Matty]

I would give fingerprint sensors a 9/10 for security. They great because no one will ever be able to 'guess' your fingerprint since its unique. Additionally, it's faster than typing in a long password which is great.

So I would say they very safe and can be very useful.

A droid a day keeps the Apple away

 

[Morty2264]

I trust my fingerprint scanner very much - but I'd say I use my PIN/reader almost equally on my Honor 8.

But I definitely see your point and your concern, because you never know: anything can happen; especially with technology still being quite vulnerable today. Despite the security, workarounds, etc, things can still happen. That's the sad truth.

 

[sting7k]

What is stored on your device isn't an actual image of your finger print. It is a mathematical representation of your finger print. So it's just a bunch of numbers that don't mean anything to anyone other than your specific device.

 

[AxlMyk]

... but there hasn't been a single instance that I've read about where someone hacked a phone and got someone's fingerprints to be used for ill begotten gains.

^^^This^^^
I have all our banking, personal, and all kinds of info on my phone. The last thing I'm worried about is someone getting into it with a finger print, or my high level PW.

 

[dlalonde]

but there hasn't been a single instance that I've read about where someone hacked a phone and got someone's fingerprints to be used for ill begotten gains

I get your overall point but to that specific phrase I'll say no one had ever hacked into Ashley Madison or Yahoo or even the US Government... until someone did. There's always a first time.

But like Morty2264 said:

anything can happen; especially with technology still being quite vulnerable today. Despite the security, workarounds, etc, things can still happen. That's the sad truth.

I use technology by taking for granted that everything can be hacked which is a fact. Obviously, the risks more or less high depending on the service and the information given. But that's the basis on which I decide what I use or not. For instance, I don't back my pictures on Google Photos even if I got 2 years of full resolution backups for free. Why? Because I don't want pictures of my kids in bathing suits ending up on some weird website if Google Photos get hacked some day (and before someone tells me I'm not being consistent, I don't have any picture of my kids on Facebook either or anywhere online... people usually take for granted that I do and try to put it in my face for some reason ). Maybe if will never ever happen (I actually trust Google rather a lot, don't get me wrong). But that's just not a risk I'm willing to take in that particular situation.

After this conversation I have to say I now have two fingerprints on my phone! You guys weren't kidding, this is really fun and convenient. I use to set my screen to turn off after 30 minutes because it was a pain to have it turn off quickly. Now I left the default value and just turn it back on with my thumb!

 

[Ten Four]

Most security articles on the web are not very practical--"Use unique 20-character passwords on each site you visit, utilizing a random string of upper and lower case characters, numerals, and symbols." Stuff like that is next to useless as advice. In the real world if you use a fingerprint scanner you are more protected than 50% of the phones that have no password or anything, and then think of the most likely scenarios: you lose your phone or it is stolen. What are the chances the average person finding the phone, honest or thief, will have the time or skills to hack into your phone even if it is only protected by the most basic PIN number? Near zero chance of that. Remember cars of a certain era had 4-digit pins that opened the doors. I had one of those cars for close to a decade and never once was the door opened illicitly and it was left parked on city streets, parking lots, etc.

 

[dlalonde]

Most security articles on the web are not very practical--"Use unique 20-character passwords on each site you visit, utilizing a random string of upper and lower case characters, numerals, and symbols." Stuff like that is next to useless as advice.

Actually that's not quite true.

First, the number of characters makes it harder for scripts to find your password. Those scripts are able to find easy passwords in seconds. The more charaters and the bigger the variety of characters used, the less chance you have of having some script find your password. Facebook, Google, banks and so on, should not only have a good password but also two-factor authentication.

Using a different password everywhere is so if there's a place that gets hacked, like Yahoo for example, and your username/password get sent into the wild (which happens) then hackers cannot get into your account simply by copy/pasting those credentials from a text file found on the Web.

Saying it's useless because it's not practical is throwing the baby with the bath water. That's like saying "Well having to lock my front doors and have a security system is a pain in the butt and I could get broken into anyways so I just leave everything unlocked".

There are easy ways to get around the inconvenients. For instance, use a phrase. It's got many characteurs, special characters, upper and lower case and you can end it with an exclamation point. You can also use a password manager that pre-fills your passwords automatically.