Report: Your phone’s biggest vulnerability is your fingerprint


Russell Brandom for The Verge:

..fingerprints may become one more form of easily leaked data, alongside passwords, credit cards, and social security numbers. We've already seen it happen when the OPM breach compromised the fingerprints of 14 million federal workers. That same credential theft can happen at a smaller scale, as criminals pull fingerprints off furniture or even from high-resolution photos. For a determined attacker, a fingerprint is easier to steal than a password: it's visible on your body at all times, and you give it away every time you touch a flat surface.

Even during the rumor period of the iPhone 5s, (first iPhone to get a finger print sensor) ways to spoof the sensor where making the rounds. Such a spoof if I recall was demonstrated on launch day. So, yeah, it's not bullet proof, but I think that's missing the point.

If people may be missing the forest for the trees if they avoid biometrics because of the very slim chance they might fall into a scenario involving sophisticated hackers or three letter agencies. Even with a database of finger prints and a 3D printer, they still need to have your device.

The alternative is likely less secure for most people for situations that are much more probably. Such as theft or online account breaches from common criminals. Entering your password over and over all day means for most people a simple password or no password at all.

To me, it's sort like preparing for the zombie apocalypse while failing to keep your smoke detectors running. If you bail on biometrics, you need to be prepared to do it the hard way.