
Researchers Created Fake 'Master' Fingerprints to Unlock Smartphones - pedro84
https://motherboard.vice.com/en_us/article/bjenyd/researchers-created-fake-master-fingerprints-to-unlock-smartphones
======
mises
When did we get the idea that biometrics were such a great idea? We literally
wear our new "passwords" on our fingerprints all the time. We also leave
fingerprints around, basically meaning we simply rely on people being too lazy
to find a way to replicate them.

Secondly, you can't change biometrics. That's bad. Your retinae, fingerprints,
etc. can't be reset if stolen.

Finally, there's a lot more legal precedent for passwords. As it stands,
passwords are protected as "persons and papers", while fingerprints etc. are
not.

Biometrics seem like an attempt to try to compensate for people's reluctance
to make good, unique passwords. This is the cynic's opinion, but I don't think
we can ever compensate completely for the human fallibility of any system.

~~~
beatgammit
To be fair, they're more secure in the average case where someone leaves their
phone on the bus and someone else picks it up. Joe Shmo the phone thief isn't
likely to know how to lift fingerprints (e.g. off the phone itself), but they
can unlock an unsecured phone.

If that's the difference we're talking about, fingerprint security is way
better than no security and has about the same convenience.

I don't use the fingerprint sensor on my phone because I prefer better
security through a relatively long password. However, I'd much prefer that
someone use _something_ than nothing. I think patterns are a reasonable
alternative, as are PINs.

~~~
mises
Thinking from the perspective of Joe Shmo, you're correct. However, biometrics
are being pushed on enterprise security and other higher-value targets.

