“Fingerprints are Usernames, not Passwords”

But let’s just say you’re okay with Apple sharing your fingerprints with the NSA, as I’ve already told you, they’re not private at all. You leave them on everything you touch. And let’s say you’re insistent on using fingerprint (biometric) technology because you can. In that case, your fingerprints might identify you, much as your email address or username identifies you, perhaps from a list.

I could see some value, perhaps, in a tablet that I share with my wife, where each of us has our own accounts, with independent configurations, apps, and settings. We could each conveniently identify ourselves by our fingerprint. But biometrics cannot, and absolutely must not, be used to authenticate an identity. For authentication, you need a password or passphrase. Something that can be independently chosen, changed, and rotated. I will continue to advocate this within the Ubuntu development community, as I have since 2009.

Once your fingerprint is compromised (and, yes, it almost certainly already is, if you’ve crossed an international border or registered for a driver’s license in most US states and many countries), how do you change it? Are you starting to see why this is a really bad idea?

via From the Canyon Edge

Yes, yes, and yes.
