Why a passcode is better than biometric access

Posted on Nov 24, 2018 by Jayson Q.

TL;DR: Don’t use your fingerprints or facial recognition as access passwords.

Biometric access is not secure. Fingerprints or facial recognition as passwords are not legally protected. You can’t change your fingerprints or face, but a password should always be changeable.

More and more technology is being released with a biometric scanner added. Apple’s iPhone features biometric unlocking with either your fingerprint or facial recognition, and Samsung’s Galaxy, Dell’s laptops and others all feature biometric scanners for easy unlocking of the device to prove ownership.

Fingerprints and facial recognition are insecure as passwords.

Yes, they confirm who you are. Yes, they’re always attached to you. Yes, you don’t need to remember anything. No, they’re not legally protected… at least not in the US or the UK.

In the United States, defendants have the right not to testify against themselves under the Fifth Amendment, and providing a passcode or password can be considered testimonial. However, biometrics (DNA, fingerprints, etc.) are not protected, and multiple cases have been observed where no legal process was needed in order to open a device with biometrics enabled.

In the United Kingdom, you can be mandated by court warrant to divulge your password under the Regulation of Investigatory Powers Act (RIPA), Part III. Failure to comply can result in imprisonment. However, a court order is not needed to force a person to unlock a device by fingerprint. Again, multiple cases have been observed where devices have been unlocked with biometrics enabled.

Until there are significant changes in legislation and security which protect biometric data, fingerprints and facial recognition as passwords will continue to be insecure.

This is part of a series and additional best operating practices can be found in our Best Practices Guide.