A reminder that biometric auth security is not based on secrecy ( aren't secret), but on the difficulty of making a copy that can trick a sensor. Now there's an app for that.

Any kid who's successfully forged their parent's signature on school forms has demonstrated the flaws with biometrics as single-factor auth.

@kyle Sure, but it's worth noting what we're comparing it to. It's possible to spoof a biometric, but it's also possible to shoulder-surf someone's passcode. When in public, I'd honestly consider that a greater risk than someone printing a replica fingerprint to unlock my device.

Different auth mechanisms have tradeoffs for different threat models, and I think that's fine so long as you're aware of them. When crossing a border? Sure, I'll disable biometric auth.

@jfred I'd consider using biometrics as a *second* factor along with a long PIN, but unfortunately at least on Android the assumption is one or the other, not both.

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms.
