Can anybody explain why people often calls any biometrics authentication a joke? I see such opinions quite often every time somebody discuss anything password/crypto related.
I think fingerprint (for example) make great login/username (i.e. hard to change, always with you) but bad password (assuming you leaving them everywhere).
>>60050272
I agree, biometric data is very sensitive! especially when its being used almost everywhere. we don't realise how deep SH!t can get!!
Fingerprints are relatively easy to obtain (just take a really high res picture of a surface they touched), most fingerprint sensors are shit and are easy to force through, and the government can force you to give up your fingerprint if they want access to your content unlike with passwords.
Other biometrics are worse. You're literally flaunting your "password" around constantly, everybody can see it. Obviously it's shit.
biometrics should be thought of as a username as opposed to a password
>>60050401
So true
>>60050272
For a long time, biometric data was generally stored unencrypted. Fingerprint scanners still haven't managed to live that reputation down.
>>60050401
this.
biometrics should be viewed either as an identifier (i.e. a username) or another step of authentication. (i.e. plaintext password + biometric)
because your fingerprint is a physical object, the US government can force you to give up your fingerprint, unlike a password which is mentally stored and thus non-physical.