signalapp / Signal-Android

A private messenger for Android.
https://signal.org
GNU Affero General Public License v3.0
Allow fingerprint for unlocking #420

Closed Nolaan closed 10 years ago

Nolaan commented 11 years ago

I would like to have the feature of unlocking the app with my Motorola Atrix 4G fingerprint sensor.

marknsikora commented 11 years ago

This is a rather bad idea in my opinion. Have a look at this article for a good explanation why. http://blog.dustinkirkland.com/2013/10/fingerprints-are-user-names-not.html

Nolaan commented 10 years ago

I get the point in this blog post, but the writer didn't provide a cheap method to replicate fingerprints. To me that means if the attacker has the means to do it, he should have the means to retrieve your passwords also... Plus you have, let's say, 10 and up to 20 fingerprints; what prevents you from making a combination with 4 or more of them?

marknsikora commented 10 years ago

Cheap is a completely relative scale. Assume that someone trying to brute force your text password would check all alphanumeric combinations. This means that a 4-fingerprint password would be slightly less secure than a 3-character password. Now if you have an 8-character alphanumeric password, that would take my GPU over 200 years to crack. So compare which is cheap by comparison: duplicating a fingerprint or 100s of years of computation.

As for the actual quality of fingerprint readers, they are not that great to begin with. They don't look for an exact match but rather a high probability match. I once saw a demonstration where a cheap fingerprint reader was bypassed using some tape and graphite powder. And let's be honest, do you think the fingerprint scanner on the Atrix is top quality?

As with anything in the world of security, you ultimately have to make a trade-off between security and usability. A fingerprint scanner makes things very usable but not very secure.