Posted on Oct 23, 2016 by Rick Falkvinge

Once more, with passion: Fingerprints suck as passwords




Imagine you had a really strong and complex password. It was so hard for anyone to remember, that you had printed thousands of business cards with the complex password on them, and left such a card at every single object you just happened to touch. Would that be a good password?

This week, there was a story about an FBI house search where the people in the house were compelled to give up their fingerprints in order to unlock phones, which were locked just with fingerprints.

Most people seemed to be appalled at the FBI being able to coerce somebody into unlocking their phone, while pretty much nobody would have blinked at phones being seized as part of a lawful search.

How many stopped to reflect over the fact that the house was probably filled to capacity, on every object and every surface, with those fingerprints required to unlock the phones in question? That it would have been absolutely trivial to recover them from the first glass fetched from the kitchen, or even from the very phones in question?

Fingerprints aren’t authentication.

Fingerprints are identity. They are usernames.

Fingerprints are something public, which is why it should really bother nobody with a sense of security that the FBI used them to unlock seized phones. You’re literally leaving your fingerprints on every object you touch. That makes for an abysmally awful authentication token.

It’s true that phones can be unlocked with fingerprints, but that doesn’t turn the fingerprint into a secure authentication token. Rather, it turns the phone lock into a phone bolt, without a key requirement – an electronic bolt which one particular person can open trivially (because they carry the fingerprints on their hands) and everybody else can open with a small amount of effort (because those fingerprints are trivially retrievable and copyable). But in no way should it be considered secure, or even a lock: it’s merely something that takes less effort to open for one particular person.

Yes, of course it’s better to have a bolt on something than no bolt (fingerprint security is better than nothing). But a bolt that requires a sliding action should not be mistaken for a lock that requires a key. A false sense of security can be worse than no security in some cases.

Biometrics were never authentication tokens. They were identity tokens. Authentication tokens are secret and replaceable, and your fingerprints (your retina, your iris, and so on) are neither.

When you authenticate something even slightly sensitive with biometrics, you’re doing it wrong.

The right way to do it is to identify with biometrics, and then authenticate with a proper security token, which is secret.

Privacy remains your own responsibility.

About Rick Falkvinge

Rick is Head of Privacy at Private Internet Access. He is also the founder of the first Pirate Party and is a political evangelist, traveling around Europe and the world to talk and write about ideas of a sensible information policy. Additionally, he has a tech entrepreneur background and loves good whisky and fast motorcycles.


VPN Service
  • SSShhhhh!! Someone has worked really hard to convince everyone that biometrics ARE authentication (and it’s so much more convenient than remembering a password). Besides, if you’re not doing anything wrong, what do you have to hide? Nothing to see here, move along now.

  • Zac Lowing

    On my galaxy s5 you swipe your finger across a sensor. I can see how a stationary print reader can be hacked, but a swipe? Heck, I have mine set for my thumb, and I do it sideways´╗┐, good luck on figuring that out. Besides, I lock it in case it gets stolen from me on the street and I doubt hoodrats have a CSI crime lab at the crib.

    • Antimon555

      “Heck, I have mine set for my thumb, and I do it sideways´╗┐, good luck on figuring that out.”

      Your thumb, sideways. Got it. Unless you want to say which thumb and what direction too, there are only four ways to try:-)

    • Alex Rockemer

      Can can still be hacked but it is more work than a stationary fingerprint reader ironically the cheap fingerprint readers that take you 20 a temps to get in are more secure than the expensive versions!

  • Alex Rockemer

    I know someone that has a fake fingerprint they made using a toe and they use that! ;P

  • Alex Rockemer

    Passwords can be stolen with several programs or device’s like key logging or listen to key tones which to us sounds the same but too software can be vastly different!

    “The only way to win is not to play! ~ WarGames”

  • Dariusz G. Jagielski

    Sarcasm.

    It is invisible to you.