Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Tech News > 'Fake finger' successfully used to bypass Touch ID on iPhone 5s

'Fake finger' successfully used to bypass Touch ID on iPhone 5s
Thread Tools
NewsPoster
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Sep 22, 2013, 07:33 PM
 
A group in German claims to have successfully worked around Apple's new Touch ID biometric system, albeit using an extremely elaborate system to do so, involving a high-resolution lifted fingerprint and creating a "fake finger" that mimics a real one that has the lifted fingerprint printed onto latex milk or wood glue and then applied -- and of course physical access to the iPhone that utilizes that particular fingerprint. A different hacker group is offering a reward for such a solution, including cash, Bitcoins, liquor and books as a reward.

The German group issued a statement criticizing the biometric industry for making false claims about how secure fingerprint-based locking is, CNN reports. For most people, however, the group would seem to have undermined its own arguments with the elaborateness and extent of the work involved to bypass the Touch ID lock.

Apple automatically disables the Touch ID system and reverts back to a (simple or complex) passcode if the finger hasn't been used to unlock the iPhone within the last 48 hours. This means thieves would have to obtain the iPhone and the fingerprint, make the "fake finger" sheet and get it to the point where it could successfully unlock the phone very quickly.

Users who actually have classified or highly-sensitive information on their iPhone are likely to use complex passcodes, remote management or wipe, Activation Lock, Find My iPhone and many other safeguards in addition to Touch ID. Such measures make the possibility of an actual "sensitive" iPhone getting bypassed in this manner even more remote -- though the group makes a fair point that fingerprints can often be recovered fairly easily in real-world situations and aren't an end-all solution for security (nor has Apple attempted to market the Touch ID feature in that manner).

Senator Al Franken noted some shortcomings of using fingerprints as passwords in his letter to Apple CEO Tim Cook, saying that while passwords can be secret and easily changed if they are discovered, fingerprints are permanent and public." Franken's letter included some other questions regarding the future of the technology (such as whether it would be available to third parties, which would introduce further risks).

However, Franken's letter didn't acknowledge that Apple has already published safeguards and explanations of how the technology works, including fallbacks -- and the fact that TouchID is not required nor warranted to be foolproof. It is simply designed to be another obstacle for potential thieves and hackers to overcome compared to the security built into most other modern smartphones.

It is unclear if the workaround devised by the German group qualifies for the $16,000 prize from istouchidhackedyet.com, but the site has said that it seeks a reliable and repeatable way to "break into an iPhone 5s by lifting prints." with the community offering items and cash to sweeten the prize. Reuters reports that a venture capital firm has put up $10,000 towards the reward, saying it wants to help fix any problems found with Touch ID "before it becomes a problem" and that the competition will help "make things safer." The co-founder of the istouchidhackedyet website has said that he believes Apple has done a good job on making the new technology secure, but wants to engage the hacker community to be sure.

But lest anyone believe that the technology is impervious, a Minnesota man has posted a video setting the record straight. The Touch ID system works with animals as well as humans, he discovered, demonstrating that a chihuahua with a captured "pawprint" can also unlock the iPhone 5s

Neither group has shown any interest in trying to unlock the captured digital image information captured by the sensor, which is said by Apple to be stored in a "secure enclave" within the A7 processor. Presuming the data is strongly encrypted as Cook has said, it should be nearly impossible for even those with sufficient time and unlimited access to the workings of the chip to recreate the fingerprint data -- though ironically it may be possible to lift at least a partial high-resolution print of the users' preferred digit right from the sapphire glass used to protect the sensor on the iPhone 5s' home button.


( Last edited by NewsPoster; Sep 22, 2013 at 07:50 PM. )
     
macjockey
Junior Member
Join Date: Jun 2004
Location: USA
Status: Offline
Reply With Quote
Sep 22, 2013, 08:47 PM
 
you know, who really gives a crap
     
muadibe10
Fresh-Faced Recruit
Join Date: Sep 2013
Status: Offline
Reply With Quote
Sep 22, 2013, 09:10 PM
 
No matter how much I protest, people just follow me everywhere lifting my fingerprints!! I mean, who doesn't have this problem.

Dweebs.
     
Sebastien
Registered User
Join Date: Apr 2000
Status: Offline
Reply With Quote
Sep 22, 2013, 11:18 PM
 
Of course if this was happening to an Android, Blackberry or Windows device you two would be all over it. #doubleStandard
     
djbeta
Junior Member
Join Date: Jan 2004
Status: Offline
Reply With Quote
Sep 22, 2013, 11:26 PM
 
What a waste of brain cells.. don't you idiots get it? Better security is better security. The people I am protecting myself against will NOT have the ability to do what you did in this video.. Why don't you spend your time on something that benefits people and doesn't try to simply "poke holes" ???
     
djbeta
Junior Member
Join Date: Jan 2004
Status: Offline
Reply With Quote
Sep 22, 2013, 11:29 PM
 
And.. @Sebastien, you're wrong.. Touch ID is a truly useful method of protecting your device. MUCH better than a passcode.. which people can see you entering. Android has not provided us anything nearly that intuitive and useful.
     
Rapscallion
Fresh-Faced Recruit
Join Date: Mar 2004
Status: Offline
Reply With Quote
Sep 22, 2013, 11:50 PM
 
Previous story was door locks now unsafe, multiple copies of keys now possible...
     
BLAZE_MkIV
Professional Poster
Join Date: Feb 2000
Location: Nashua NH, USA
Status: Offline
Reply With Quote
Sep 23, 2013, 12:03 AM
 
Myth-busters spoofed finger print readers years ago.
     
hansmickle
Fresh-Faced Recruit
Join Date: Feb 2003
Status: Offline
Reply With Quote
Sep 23, 2013, 12:24 AM
 
Myth Busters were working with the only technology then available, which is a far cry from that which Apple is using. Their results have absolutely no relation to the current issue. Technology has changed radially.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Sep 23, 2013, 01:06 AM
 
What's with these emotional reactions? People trying to thwart the security of something is how you make that security stronger. This is a good thing, no matter how you feel about Apple.
     
Spheric Harlot
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status: Offline
Reply With Quote
Sep 23, 2013, 01:35 AM
 
^ agreed.

What I find annoying is deliberate misinformation, like the tripe about the chihuahua meaning that the system is "not impervious". If you profile the dog's paw, it will work with the dog's paw. If you don't, it won't. How does that sort of shit help clarify anything? It's an amusing curiosity with zero relevance to the security of a system.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Sep 23, 2013, 01:41 AM
 
Originally Posted by Spheric Harlot View Post
^ agreed.

What I find annoying is deliberate misinformation, like the tripe about the chihuahua meaning that the system is "not impervious". If you profile the dog's paw, it will work with the dog's paw. If you don't, it won't. How does that sort of booze help clarify anything? It's an amusing curiosity with zero relevance to the security of a system.

How do you tell the difference between deliberate misinformation for ideological purposes, and ignorance with no particular ideological agenda? Does the ideology bother you, or the simple inaccuracy, or both?
     
mr100percent
Forum Regular
Join Date: Dec 1999
Location: Brightwaters, NY
Status: Offline
Reply With Quote
Sep 23, 2013, 01:43 AM
 
Video aside, I'm still skeptical. Apple said that their sensor uses conduction sensors, so the old "gummy finger" hack to bypass old fingerprint scanners was no longer effective. I'm wondering how the cover somehow was in the same conductive range as skin.
     
mr100percent
Forum Regular
Join Date: Dec 1999
Location: Brightwaters, NY
Status: Offline
Reply With Quote
Sep 23, 2013, 02:49 AM
 
Easy solution; don't program it to unlock with your finger. Use something else that isn't leaving prints everywhere.
Good luck figuring out which body part you need to scan to unlock my phone.
     
Spheric Harlot
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status: Offline
Reply With Quote
Sep 23, 2013, 03:16 AM
 
Originally Posted by besson3c View Post
How do you tell the difference between deliberate misinformation for ideological purposes, and ignorance with no particular ideological agenda? Does the ideology bother you, or the simple inaccuracy, or both?
The misuse of inaccurately presented information to further sensationalism.

"OMG SECURITY BREACH" proven by the mechanism presented working exactly as designed (talking about the animal paws thing here, not the CCC hack) is either intentional misinformation, or ignorance. Either way, it is misleading to the reader, and whoever used it to support claims of insecurity needs to be taken out back and slapped with an eel.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Sep 23, 2013, 03:28 AM
 
Originally Posted by Spheric Harlot View Post
The misuse of inaccurately presented information to further sensationalism.

"OMG SECURITY BREACH" proven by the mechanism presented working exactly as designed (talking about the animal paws thing here, not the CCC hack) is either intentional misinformation, or ignorance. Either way, it is misleading to the reader, and whoever used it to support claims of insecurity needs to be taken out back and slapped with an eel.

So it's more of a bad journalism thing that irritates you more than a tech specific thing?
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Sep 23, 2013, 03:37 AM
 
The other part of this that is sensationalized is the fact that on many phones no password at all is required to access the phone once you have physical access to it. Once you have physical access to a desktop/laptop there is a good chance you'll be able to do stuff too.

For those that know better and need some actual security to prevent sensitive data, chances are over 99% of the time a thief is probably going to not bother with trying to get around your fingerprint security, it will be more than adequate deterrent. For those that need to protect sensitive info such as intellectual property or something that would have secret agents specifically gunning for your stuff (as opposed to whatever phone they can find), you probably shouldn't have any sensitive like your email on your phone anyway, because if somebody wants your stuff bad enough they can just crack upon the case and hook your hard drive up to something.

The summary: nothing new... Once you have physical access to something all bets are off.
     
Spheric Harlot
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status: Offline
Reply With Quote
Sep 23, 2013, 03:53 AM
 
Originally Posted by besson3c View Post
So it's more of a bad journalism thing that irritates you more than a tech specific thing?
It's a misuse of evidence to prove things that cannot be inferred from the data, if you will.

It's what pisses me off about those conspiracy assholes, as well: a deliberate misrepresentation of evidence to present the illusion of coherence and credibility. Which is ironic, considering what they claim to be countering.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Sep 23, 2013, 03:56 AM
 
Originally Posted by Spheric Harlot View Post
It's a misuse of evidence to prove things that cannot be inferred from the data, if you will.

It's what pisses me off about those conspiracy assholes, as well: a deliberate misrepresentation of evidence to present the illusion of coherence and credibility. Which is ironic, considering what they claim to be countering.

This doesn't anger me really. This goes with the territory of being top dog in just about anything. Everybody wants to put a chink in the armor of the top dog.

That's right, dogs wearing armor.
     
YangZone
Junior Member
Join Date: May 2000
Location: San Francisco, CA USA
Status: Offline
Reply With Quote
Sep 23, 2013, 05:40 AM
 
Liquor? Nobody told *me*.
     
Wingsy
Fresh-Faced Recruit
Join Date: Apr 2005
Status: Offline
Reply With Quote
Sep 23, 2013, 06:05 AM
 
What's going to torque my jaws is when the mainstream media reports this. They will NOT go into any detail as to the process used to fake the finger. Quite the opposite; they will imply just how easy it is for anyone to do in just a few minutes, and will totally skip the part about how a thief is going to acquire your fingerprint (the one you used to teach the sensor). Just wait and see. CNBC, I'm looking at you.
     
Wingsy
Fresh-Faced Recruit
Join Date: Apr 2005
Status: Offline
Reply With Quote
Sep 23, 2013, 06:14 AM
 
Think it's easy to get your fingerprint off your phone? Try this. Get a strong magnifying glass and go over your phone very carefully, tilting it against the light. See any non-smudged fingerprints? If you do, is it the one you would have used to unlock your phone? All I could see on mine that were not smeared were small pieces of prints here and there.
     
shifuimam
Addicted to MacNN
Join Date: Aug 2006
Location: The deep backwoods of the PNW
Status: Offline
Reply With Quote
Sep 23, 2013, 09:59 AM
 
Originally Posted by djbeta View Post
And.. @Sebastien, you're wrong.. Touch ID is a truly useful method of protecting your device. MUCH better than a passcode.. which people can see you entering. Android has not provided us anything nearly that intuitive and useful.
Android has facial recognition for unlock, as well as the ability to use a pattern (which can be as complicated as you want, using as large as a 6x6 grid).

Both are quite intuitive and useful.

TouchID is fine for home users and their phones, but it's not fine for enterprise use. Biometric alone is NOT secure, and no security professional with any qualifications is going to tell you otherwise.
Sell or send me your vintage Mac things if you don't want them.
     
DiabloConQueso
Grizzled Veteran
Join Date: Jun 2008
Status: Offline
Reply With Quote
Sep 23, 2013, 10:49 AM
 
I'm sure the oleophobic coating that is used on most smartphone touchscreens/bodies these days helps to obscure fingerprints as well.

I think the takeaway is that NO security is 100% secure. If you want to protect your phone against accidental 18-month-old access, put a short password on there. If you want to protect your phone against casual thieves, put a 4-digit or longer passcode on there. If you want to protect your phone against more advanced thieves, put a fingerprint code and/or complex password on there, and enable data-wiping.

If you want to protect your phone against those who will stop at nothing to get at your phone and its data, then you're SOL. There is nothing short of restricting physical access to your phone by putting it in a safe deposit box or encasing it in a square foot of lead that will stop them.

People don't put Fort Knox-style security on their homes, because that's not the level of intruder they're trying to protect their home against. The actual Fort Knox, on the other hand, uses crazy levels of security, because they ARE protecting themselves against that level of intruder. Point being that the intruder that breaks into residential homes and the intruder trying to get into Fort Knox are two very different types of intruder.

Differing levels of security exist to keep differing levels/severity of unauthorized access at bay -- not to completely secure your device against any and all threats that may exist. If a news outlet or someone advertises this technology as such ("unbreakable" or "completely secure"), then they've committed a grave journalistic sin, which is adding unverified information to the story for excitement, interest, and/or gravity.

Fingerprints aren't the ultimate security implementation ever, but they're a step in the right direction.
     
bjojade
Junior Member
Join Date: Jun 2007
Status: Offline
Reply With Quote
Sep 23, 2013, 01:09 PM
 
Cue the class action lawsuit. Apple will be required to provide free finger caps to users so they can protect their prints from ending up in unwanted areas.

In reality, fingerprint scanning is part of the third trifecta of security. 1. What you have, 2. What you know and 3. Who you are. High security would use all three methods.

What you have would be a physical key, or device of some sort for unlocking. Someone gets a hold of that key, and they can get in. Lost keys, duplicated keys, photos of keys, etc, could be used to breach this method.

What you know is usually a password that you're supposed to keep in your brain. It can be breached by guessing, by interrogation, or by observation of the user.

Who you are is usually the most difficult to copy, but once you can copy, it's the hardest one to change. Things like facial scans, fingerprint scans, etc., can be fooled. Some are easier than others. Facial recognition can sometimes be fooled by simply showing the device a PHOTO of the user. It may not be able to know the difference between a photo and the real thing. Older fingerprint scanners could be fooled by a simple photocopy of a fingerprint. At least Apple's system is fairly complex and to fool it, you have to create a finger that mimics the electronic properties of a finger, and that has to be done within 48 hours of the last time the phone was unlocked. Secure enough for MOST users. If you're dealing with information that would be worth the effort to create this false finger, then chances are you've got additional security measures in place.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Sep 23, 2013, 01:32 PM
 
Originally Posted by shifuimam View Post
Android has facial recognition for unlock, as well as the ability to use a pattern (which can be as complicated as you want, using as large as a 6x6 grid).

Both are quite intuitive and useful.

TouchID is fine for home users and their phones, but it's not fine for enterprise use. Biometric alone is NOT secure, and no security professional with any qualifications is going to tell you otherwise.
If you physically obtain a device, your goose is cooked. Somebody that wants your data can just take your HD/motherboard out and hook it up to something. This is probably going to be easier than bypassing the fingerprint stuff anyway, no?
     
hayesk
Guest
Status:
Reply With Quote
Sep 23, 2013, 05:23 PM
 
@shifuimam, security experts have already told me otherwise. Unless you are a "targeted" individual, nobody is going to use this method on your phone. That includes "enterprise users." And if they are targeted, one would simply force them to enter their passcode with threats of violence, anyway. So the question is, who is going to target you enough to make a fingerprint of you ahead of time?

And real security experts understand that security is a compromise between it and convenience, and the perceived threat level. It's the poser security experts who demand security over all else - the ones requiring PGP encryption when emailing their grandma.

Do you lock your car when you park it at the mall? Of course you do. Even though you know locks and car windows can easily be broken.
     
Charles Martin
Mac Elite
Join Date: Aug 2001
Location: Maitland, FL
Status: Offline
Reply With Quote
Sep 23, 2013, 05:33 PM
 
I agree that the facial recognition and pattern software are also barriers to help prevent theft and unauthorized use, but have to point out that the facial recognition software is WAY more easily defeated than Touch ID, and the pattern software is generally used like the passcode software -- the simplest pattern possible for most people, and easily observable like passcodes.

But again the point is not that there are *potential* ways to overcome such measures, it's about throwing up more roadblocks to deter thieves. You can't stop ALL theft, you can just make it more unpalatable. With Activation Lock, Find My iPhone and now the Touch ID, I'd argue that Apple has taken strong steps to deter theft.
Charles Martin
MacNN Editor
     
Spheric Harlot
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status: Offline
Reply With Quote
Sep 23, 2013, 06:30 PM
 
Originally Posted by shifuimam View Post
Android has facial recognition for unlock, as well as the ability to use a pattern (which can be as complicated as you want, using as large as a 6x6 grid).

Both are quite intuitive and useful.
Sorry, but unless something has changed, the face recognition is useless (since it can be thwarted with a photograph displayed on a smartphone screen, and patterns are no less tedious than passcodes.

The point of Touch ID is that it's (potentially) more secure AND less annoying than a passcode.
     
Sebastien
Registered User
Join Date: Apr 2000
Status: Offline
Reply With Quote
Sep 23, 2013, 10:52 PM
 
Originally Posted by djbeta View Post
And.. @Sebastien, you're wrong.. Touch ID is a truly useful method of protecting your device. MUCH better than a passcode.. which people can see you entering. Android has not provided us anything nearly that intuitive and useful.
WTH are you talking about!? I never mentioned the Touch ID thing - only how the usual fanbois would have a field day if this was any other platform.

Everyone reading this knows I'm right - they just won't admit it.
     
Sebastien
Registered User
Join Date: Apr 2000
Status: Offline
Reply With Quote
Sep 23, 2013, 10:54 PM
 
Originally Posted by shifuimam View Post
Android has facial recognition for unlock, as well as the ability to use a pattern (which can be as complicated as you want, using as large as a 6x6 grid).

Both are quite intuitive and useful.

TouchID is fine for home users and their phones, but it's not fine for enterprise use. Biometric alone is NOT secure, and no security professional with any qualifications is going to tell you otherwise.
That's true - in actual fact, the best thing for security would be body heat signature - that's truly unique to an individual (even twins will have different heat signatures), and it's apparently very difficult to 'fake' or simulate, especially for the face.
     
BLAZE_MkIV
Professional Poster
Join Date: Feb 2000
Location: Nashua NH, USA
Status: Offline
Reply With Quote
Sep 23, 2013, 11:08 PM
 
To make it truly poetic you'd use the front facing camera to take a picture of the users retina.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Sep 24, 2013, 01:25 AM
 
Originally Posted by Sebastien View Post
WTH are you talking about!? I never mentioned the Touch ID thing - only how the usual fanbois would have a field day if this was any other platform.

Everyone reading this knows I'm right - they just won't admit it.
Anybody emotionally and ideologically invested in anything would have a field day if something happened to their opponent.
     
Spheric Harlot
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status: Offline
Reply With Quote
Sep 24, 2013, 01:30 AM
 
Originally Posted by besson3c View Post
Anybody emotionally and ideologically invested in anything would have a field day if something happened to their opponent.
Originally Posted by Sebastien View Post
WTH are you talking about!? I never mentioned the Touch ID thing - only how the usual fanbois would have a field day if this was any other platform.

Everyone reading this knows I'm right - they just won't admit it.
Truth in both posts.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Sep 24, 2013, 01:35 AM
 
Do you guys know people that are emotionally/ideologically invested in a platform that they use as their primary source of income?
     
Spheric Harlot
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status: Offline
Reply With Quote
Sep 24, 2013, 02:36 AM
 
Sure. I know a couple of support techs/firms that are Mac-only.


As for myself, I base large parts of my work on the Mac platform because it's what I'm accustomed to and because I'll gladly pay to have technology get out of my way when it can. Path of Least Annoyance, if you will. Not sure whether that constitutes "emotional/ideological investment."

My current annoyance factor is pretty high (dealing with performance issues and seeing how those will pan out if I throw RAM at them).

But the Mac-based work is only part of what I do. Most of it is dedicated instrument/processing hardware.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Sep 24, 2013, 05:46 AM
 
Originally Posted by Spheric Harlot View Post
Sure. I know a couple of support techs/firms that are Mac-only.


As for myself, I base large parts of my work on the Mac platform because it's what I'm accustomed to and because I'll gladly pay to have technology get out of my way when it can. Path of Least Annoyance, if you will. Not sure whether that constitutes "emotional/ideological investment."

My current annoyance factor is pretty high (dealing with performance issues and seeing how those will pan out if I throw RAM at them).

But the Mac-based work is only part of what I do. Most of it is dedicated instrument/processing hardware.

I feel the same way.

To me the ideological investment thing is when you feel compelled to evangelize and convert other people to the platform, or you feel compelled to defend the platform when attacked just to preserve its positive reputation. Me, I don't give the slightest hint of a rat's ass what people use to do their stuff on, and I'd gladly switch to anything that can help me do my work better (or cheaper, providing that my productivity wasn't jeopardized). There was a time when I used to encourage people to use a Mac, or switch to one.

Some of the Newsposter responses from people that want to bash Apple or defend Apple fall into this category, in my opinion. I don't and can't judge since I was that way, but in retrospect it now seems pretty silly.

Maybe a part of the old days of evangelizing was the thought that more platform adoption would prolong Apple's existence, where of course these days Apple doesn't need any of our help on this front.
     
djbeta
Junior Member
Join Date: Jan 2004
Status: Offline
Reply With Quote
Oct 5, 2013, 09:27 PM
 
That bullsh** facial recognition crap on the Android side is 1000x easier to fake than a finger print..

My point is that the fingerprint is a much better idea to use as a passcode..
     
subego
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status: Online
Reply With Quote
Oct 6, 2013, 03:49 PM
 
Originally Posted by Spheric Harlot View Post
Sorry, but unless something has changed, the face recognition is useless (since it can be thwarted with a photograph displayed on a smartphone screen, and patterns are no less tedious than passcodes.

The point of Touch ID is that it's (potentially) more secure AND less annoying than a passcode.
In terms of the "annoyance factor" I've mastered unlocking my phone as it comes out of my pocket. Don't really see facial recognition or a passcode accomplishing that. Like, ever.
     
subego
Clinically Insane
Join Date: Jun 2001
Location: Chicago, Bang! Bang!
Status: Online
Reply With Quote
Oct 6, 2013, 04:41 PM
 
That said, shif sort of has a point. A fingerprint (and other biometric data) is inherently a user ID.

The platonic ideal of a password is a hidden, giant random number.

A fingerprint is actually a decent simulation of a giant random number, so it can do double duty as a password. It's basically impossible to brute force.

On the other hand, the ability to effectively hide it is limited, so people with the determination can copy it.

It's similar to having your user ID and password being the same, but the user ID being something no one could realistically guess.
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 08:16 AM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,