Fingerprints are not passwords.

14/03/2016

Here at ITSS we try to take security seriously.

We’ve noticed that a lot of new smartphones come with fingerprint readers, and that many users are choosing to ‘lock’ their phones (and other devices) with their fingerprint(s).

This is not a good idea.

Consider a good password:

  • It’s secure (of a suitable length, and containing a variety of characters)
  • It’s a secret (only you know it)
  • Hard to guess
  • Hard to brute-force crack

Consider your fingerprints:

  • You leave a copy of them everywhere that you go
  • Not a secret

It has long been known that, with a decent camera and some superglue, it’s trivial to create an excellent photograph of any fingerprint that you might find on an ordinary glass. Now, using less than $500 worth of equipment, that photo can be used to create a fake fingerprint on a modern inkjet printer using conductive ink.

At least this time we’re using more than just Gummi Bears.

A fingerprint is not a password.