Here at ITSS we try to take security seriously.
We’ve noticed that a lot of the new smartphones are coming with fingerprint readers, and that many users are choosing to ‘lock’ their phones (and other devices), with their fingerprint(s).
This is not a good idea.
Consider a good password:
- It’s secure (of a suitable length, and containing a variety of characters)
- It’s a secret (only you know it)
- Hard to guess
- Hard to brute-force crack
Consider your fingerprints:
- You leave a copy of them everywhere that you go
- Not a secret
For a long time, it has been known that using a decent camera and some superglue, it’s trivial to create an excellent photograph of any fingerprint that you might find on an ordinary glass . Now, using less than $500 worth of equipment, the photo can be used to create a fake fingerprint on a modern inkjet printer using conductive ink
At least this time we’re using more than just Gummi Bears.
A fingerprint is not a password.