[Captain Kitchener]

Maybe I'm crazy but I've always thought it a little weird how people are so willing and ready to put their fingerprints onto their phone.

In today's world, where everything is so technologically centred, I'm a little concerned how dependent and how willing we are to give up our freedoms for the sake of ease of access. Because fingerprints really are the ultimate security risk.

Think about it, somebody steals your credit card information... Might be a pain, but you can fix it. If someone drains your bank account, you can fix that too. Someone steals your fingerprint, you are kind of SOL.

I don't want to sound too paranoid but I have a real problem putting information like that onto my phone.

So my question is who is going to use the scanner? Why or why not?

[thurask]

Fingerprint data is stored locally in formats inaccessible to apps outside the system instead of being transferred anywhere, or stored as raw images.The easiest way to get your fingerprint from your phone is therefore the outside of the phone itself, but the Mercury fingerprint scanner is on the space bar I think, which will get covered in prints after normal usage anyway. Maybe wipe it off from time to time.

For making unlocking easier there are other ways, but the convenience factor is very compelling for fingerprint. I use it for unlock and Lastpass, on my DTEK60.

[early2bed]

Your fingerprint does not go into the smartphone to be stored or sent anywhere - only a hash. It's like translating a song recording into the lyrics and then storing it. You can positively identify the song whenever it is played to you but you can not recreate the recording from the lyrics you have stored. You can also make the identification very specific by recording the exact millisecond various words are spoken. That means that you can identify the recording from all other recordings but you do not have a copy of that recording.

Another way to look at it is that if I made a proprietary hash out of specific biometric measurements of your face such as the distance between your eyes and the tip of your nose, etc. I could later identify your face from a million others but there's no way I could recreate a recognizable image of your face.

Even better, there is a secure element - a physical chip that can only do two things: 1) store a hash and 2) compare that hash to others that are submitted for identification. It has no ability to output that stored hash. It's an electronic one-way street.

Your icon is easily identifiable by my brain as Elvis at any time but that doesn't mean I now have that photograph of Elvis in my brain that I can use to create an imposter account.

[bobshine]

OP, if someone steals your credit card, or your credit card number with the expiration date... then they can go on a crazy online shopping spree.

Now tell me: if they steal your finger print, what can they do?????? Think about this and get back to us.

[Captain Kitchener]

OP, if someone steals your credit card, or your credit card number with the expiration date... then they can go on a crazy online shopping spree.

Now tell me: if they steal your finger print, what can they do?????? Think about this and get back to us.

They can indeed. I mentioned this in my post. You can still prove it isn't you even if it's a pain to do so.

And maybe there isn't much someone can do with a fingerprint right now, but as technology changes, that will change in the future as well.

[ominaxe]

I used to care about this until I realized my finger print is everywhere and will continue to be everywhere. Times are changing and so is means for identification. You can barely even leave the country now without getting your fingerprint scanned.

[sidtek50]

Fingerprint data is stored locally in formats inaccessible to apps outside the system instead of being transferred anywhere, or stored as raw images.The easiest way to get your fingerprint from your phone is therefore the outside of the phone itself, but the Mercury fingerprint scanner is on the space bar I think, which will get covered in prints after normal usage anyway. Maybe wipe it off from time to time.

For making unlocking easier there are other ways, but the convenience factor is very compelling for fingerprint. I use it for unlock and Lastpass, on my DTEK60.

Agreed. Lastpass with the fingerprint scanner is incredible. I couldn't use lastpass without it - literally.

[thurask]

Agreed. Lastpass with the fingerprint scanner is incredible. I couldn't use lastpass without it - literally.

It's much easier than remembering the password every time, but the app is well designed enough that traveling through enemy territory can be dealt with through a simple log out; fingerprint only works when logged in, logging out then logging in requires the master password and another factor of authentication (as one should). The icing on the cake is support for this:

[gg bb]

From what I understand fingerprint scanners do not store all of your fingerprint. The tech should work something like this: On first scan of fingerprint generate a random number which is used to choose probably 4 small areas of the finger amounting to maybe 1% of the finger to be scanned. Scan these areas to generate another number. An algorithm then combines these numbers to get another number which is stored on the device. The first number which was generated randomly is also combined with the hardware or software unique id this result is also stored. Of the 2 numbers stored. The original number which identifies where to scan can only be regenerated on the hardware and specific sw install it was created on. When a finger is re-scanned the resultant data from scanning is combined with fist number to see if the same number as the 2nd number is generated. Note the hardware unique id is probably a 32 digit hex code GuId generated when the software is installed. It is always unique. I can't guarantee this is the exact method but it should give a flavour of what sort of methodology should be used when a finger is scanned.

[early2bed]

Another reason to use fingerprint ID is for multiple layers of authentication. Most financial and banking apps allow fingerprint ID to be used to login to the app. Sometimes you lend your phone to someone else to use, especially, a spouse or kid or even a co-worker who you would not want full access to any and all apps like Mint or your banking app. Either you set another login for the app and enter two different passwords when you unlock the phone and then when you login to the app, or you use fingerprint for the app so only you can open your banking app with one touch. Convenience often means more layer of security from a practical standpoint.

[medic22003]

Well OP I agree with you. I'm not comfortable giving biometric information out. Just me and my fierce distrust of people and entities that ain't me

[bobshine]

They can indeed. I mentioned this in my post. You can still prove it isn't you even if it's a pain to do so.

And maybe there isn't much someone can do with a fingerprint right now, but as technology changes, that will change in the future as well.

You just mentioned it: there isn't much you can do with a finger print right now. So you're contradicting yourself.

It's all depends on implementation and security firms are well aware of fingerprint authentication limitations and risks.

However, using fingerprint scanner as a token generator is well regarded as very secured and as technology changes, it's going toward this direction. For instance, Apple is already using the iphone fingerprint scanner to authenticate transactions on your laptop. This is much more secure than requiring a simple password or credit card number plus expiration.

The idea is not to use the finger print to authenticate, but combine the fingerprint with a device to authenticate. If you lose that device (ie the iphone or a token generator) you just have to cancel it. Chances are that person that finds it don't have your finger print.

If you lose your credit card, they can do thousands in transaction before the card is cancelled

[Dmd74]

I can not think of a situation in which anyone can do anything really with my fingerprint. Well...except access the hidden vault under the floor of my garage. Really though, what can someone do with a fingerprint? And if they can do something with it they can easily just grab the glass that I drank from in a restaurant that I ate at after I left the table and retrieve my fingerprint. Sometimes I think that people look for things to be concerned or worried about.

[kkoo]

Ten years from now we'll be talking about that crazy tattoo on our foreheads.

[crackbb10]

I think my fingerprint is more safe stored on a BlackBerry than the passport databases that already have mine. That being said, I'll probably set it up to wake the phone only when it's unlocked. When locked, i'll want picture password to do the trick just like it does now on BlackBerry 10. It's all up to how YOU 'protect' your device.

Posted via CB10

[Captain Kitchener]

Ten years from now we'll be talking about that crazy tattoo on our foreheads.

Bingo!

That right there is what I'm getting at. So much of our lives are dependent upon technology and computers. And because of this we give up so much of our liberty and freedom without thinking.

I don't dispute that there are safeguards and measures put in place to protect our information. All these are valid points. What I'm concerned about is what happens if those measures fail and we're so connected that we're screwed.

[slagman5]

OP, if someone steals your credit card, or your credit card number with the expiration date... then they can go on a crazy online shopping spree.

Now tell me: if they steal your finger print, what can they do?????? Think about this and get back to us.

Well, if that happens, you simply report it and the transactions get voided, you lose nothing, and all you have to do is get a new card with a new number. Now, if someone steals your fingerprint, sure you can't think of much else you could do with it other than unlock your phone, but technically, if it becomes used for more things in the future, now what? Can you simply call someone and get your fingerprint changed or replaced??

And just in case you're wondering, there are a lot of PC either personal or work computers that use biometrics like fingerprints to log in. They sell safes for you to store your valuables at your house. And there are other things. So, I guess you'll feel ok using these things if you knew someone had your fingerprint data?

Posted without the aid of AutoCorrect with my physical keyboard via CB10

[slagman5]

If you lose your credit card, they can do thousands in transaction before the card is cancelled

Why does this even matter? You report it stolen, whether they used $5 or $5000, you are responsible for $0 of it...

Posted without the aid of AutoCorrect with my physical keyboard via CB10

[slagman5]

I can not think of a situation in which anyone can do anything really with my fingerprint. Well...except access the hidden vault under the floor of my garage. Really though, what can someone do with a fingerprint? And if they can do something with it they can easily just grab the glass that I drank from in a restaurant that I ate at after I left the table and retrieve my fingerprint. Sometimes I think that people look for things to be concerned or worried about.

Maybe not much for now. You'll never know if that could change in the near future. If your fingerprint information is compromised now, it'll still be compromised then. I guess we can just change to a new one then right?

Posted without the aid of AutoCorrect with my physical keyboard via CB10

[slagman5]

They can indeed. I mentioned this in my post. You can still prove it isn't you even if it's a pain to do so.

And maybe there isn't much someone can do with a fingerprint right now, but as technology changes, that will change in the future as well.

I agree. I've had my credit card numbers used before. Do you know how much of a pain it was to get that all wiped out? "Hello, yes, I see transactions that are not mine. Yep, those last 2. Ok, thanks, I'll be expecting the new cards in the mail. Thanks!" *hangs up*

Yah, man, that was rough, lol.

I honestly don't care at all if someone steals my credit card info. That can be changed so easily. Your biometric data? Not so much...

Posted without the aid of AutoCorrect with my physical keyboard via CB10

[deadcowboy]

By law, you can be forced to provide your fingerprint to unlock your device.

Depending on the professional sector, biometrics may not be allowed. Perhaps allowed as one of a two-factor authentication.

Posted via CB10

[early2bed]

Some of you have a big surprise coming next time you go to Disney World. The Mouse wants your fingerprint.



This is kind of a pointless argument. Nobody reading this is going to be able to go through life without giving up your biometrics to multiple entities going forward. When you come back from overseas your facial features are scanned. Many people who take your picture will let Google Photo find you via your facial features. Your Facebook family and friends will tag you.

For hundreds of years our primary biometric ID has been our signature, yet we leave it all over the place for anyone to copy and paste. Soon you are going to have to let computers scan your retina. Do you really think you can keep your biometrics to your self?

[fr4nz]

..wish my passport had it,..got stolen recently. I'd welcome them to come get my finger!

[Bla1ze]

Nobody reading this is going to be able to go through life without giving up your biometrics to multiple entities going forward.

At least now some of those who want it are telling you they want it vs. just taking it without your knowledge.

[Nathan Conley]

By law, you can be forced to provide your fingerprint to unlock your device.

Depending on the professional sector, biometrics may not be allowed. Perhaps allowed as one of a two-factor authentication.

Posted via CB10

Exactly. They can't force use to unlock a phone with a PIN, password, or pattern. They absolutely can require an unlock with your fingerprint.

This is U.S. case law.