A reminder that biometric auth security is not based on secrecy (#biometrics aren't secret), but on the difficulty of making a copy that can trick a sensor. Now there's an app for that. #infosec
https://fossbytes.com/a-new-app-can-scan-fingerprints-from-drinking-glass-to-unlock-your-device/
@kyle Sure, but it's worth noting what we're comparing it to. It's possible to spoof a biometric, but it's also possible to shoulder-surf someone's passcode. When in public, I'd honestly consider that a greater risk than someone printing a replica fingerprint to unlock my device.
Different auth mechanisms have tradeoffs for different threat models, and I think that's fine so long as you're aware of them. When crossing a border? Sure, I'll disable biometric auth.
@jfred I'd consider using biometrics as a *second* factor along with a long PIN, but unfortunately at least on Android the assumption is one or the other, not both.
