Imagine you had a really strong and complex password. It was so hard for anyone to remember that you had printed thousands of business cards with the complex password on them, and left such a card on every single object you just happened to touch. Would that be a good password?
This week, there was a story about an FBI house search where the people in the house were compelled to give up their fingerprints in order to unlock phones, which were locked just with fingerprints.
Most people seemed to be appalled at the FBI being able to coerce somebody into unlocking their phone, while pretty much nobody would have blinked at phones being seized as part of a lawful search.
How many stopped to reflect on the fact that the house was probably filled to capacity, on every object and every surface, with those fingerprints required to unlock the phones in question? That it would have been absolutely trivial to recover them from the first glass fetched from the kitchen, or even from the very phones in question?
Fingerprints aren’t authentication.
Fingerprints are identity. They are usernames.
Fingerprints are something public, which is why it should really bother nobody with a sense of security that the FBI used them to unlock seized phones. You’re literally leaving your fingerprints on every object you touch. That makes for an abysmally awful authentication token.
It’s true that phones can be unlocked with fingerprints, but that doesn’t turn the fingerprint into a secure authentication token. Rather, it turns the phone lock into a phone bolt, without a key requirement – an electronic bolt which one particular person can open trivially (because they carry the fingerprints on their hands) and everybody else can open with a small amount of effort (because those fingerprints are trivially retrievable and copyable). But in no way should it be considered secure, or even a lock: it’s merely something that takes less effort to open for one particular person.
Yes, of course it’s better to have a bolt on something than no bolt (fingerprint security is better than nothing). But a bolt that requires a sliding action should not be mistaken for a lock that requires a key. A false sense of security can be worse than no security in some cases.
Biometrics were never authentication tokens. They were identity tokens. Authentication tokens are secret and replaceable, and your fingerprints (your retina, your iris, and so on) are neither.
When you authenticate something even slightly sensitive with biometrics, you’re doing it wrong.
The right way to do it is to identify with biometrics, and then authenticate with a proper security token, which is secret.
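A sketch of that split, added here as an example and not code from the original post: the fingerprint match only selects an account, and unlocking still requires a secret that can be replaced. The `ENROLLED` table, the template labels and the function names are assumptions made for illustration, and the sensor's fuzzy matching is reduced to a label lookup.

```python
import hashlib
import hmac
import os


def derive(secret: str, salt: bytes) -> bytes:
    """Slow salted hash, so a stolen record does not reveal the secret."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 200_000)


class Account:
    def __init__(self, owner: str, secret: str):
        self.owner = owner
        self.set_secret(secret)

    def set_secret(self, secret: str) -> None:
        # Replaceable: a fresh salt and digest revoke the old secret entirely.
        self.salt = os.urandom(16)
        self.digest = derive(secret, self.salt)

    def check_secret(self, secret: str) -> bool:
        # Constant-time comparison of the derived digests.
        return hmac.compare_digest(self.digest, derive(secret, self.salt))


# Constructed sample data. A real sensor does fuzzy matching; here its
# match result is modelled as a template label (an assumption).
ENROLLED = {"template-alice": Account("alice", "correct horse battery")}
DUMMY_SALT = b"\x00" * 16


def identify(template_id: str):
    """Biometric step: says who is claimed to be present, like a username."""
    return ENROLLED.get(template_id)


def unlock(template_id: str, secret: str) -> bool:
    """Unlock only if the identified account also proves its secret."""
    account = identify(template_id)
    if account is None:
        derive(secret, DUMMY_SALT)  # keep the work similar for unknown identities
        return False
    return account.check_secret(secret)
```

Rotating the secret with `set_secret` locks out anyone holding the old one, while `identify` keeps returning the same account for the same fingerprint, which cannot be rotated.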
Privacy remains your own responsibility.