Hacker News new | past | comments | ask | show | jobs | submit login

Alternatively, fingerprints should be used as 2FA. They're something you have. Supplement it with something you know (or that your encrypted password store knows) and you're golden.



Not quite right. Finger prints are considered "something you are". Always with you, can be impersonated, but can't be changed. Something you have have would be a key or a token, that can be changed if compromised.

Agree with the rest of your comment. Cocktail "something you are" with "something you know" and "something you have" for potent results.


> They're something you have.

And the police have them. And the US government has (flew there twice) them. Isn't the "something you have" in 2FA ideally meant to be something that only you have?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: