This post is more than three years old so may contain incorrect information, or opinions I no longer hold.

Are Biometrics A Good Idea?

30 Sep 2018 | ~2 minute read

Like most people, I use a fingerprint scanner on both my iPad and my phone, but are biometrics a good idea? Personally, I’m not sure.

This is going to be a relatively short post; more of a question than a full post actually.

For me, it boils down to the old adage of security vs convenience. On the one hand, it’s important to make applications secure, but the barrier for entry has to be low.

I wouldn’t expect an average user to be able to manage their own SSH keys, let along use an SSH session at all. But we all know that SSH is very secure; that’s because SSH takes security over convenience.

Are Biometrics a good idea?

On the whole, I think they are – they are definitely more secure than having nothing, or those stupid swipe patterns that Android uses.

But what if a threat actor released a zero-day vulnerability that compromises the fingerprint algorithm that many devices uses? Or maybe Apple’s face recognition gets popped. What then?

I can change my unlock passcode (or pattern if you’re that way inclined), but I can’t change my fingerprints, or the way my face looks.

Ok, maybe I can.

Thoughts?

Granted the whole zero-day thing may be pretty edge case stuff, but in security we need to think about those edge cases.

What do you think? Are we leaving ourselves open to compromise by essentially using a method of authentication that cannot be changed? I’d love to hear your thoughts in the comments section below.

← The one before
How Migrate from Disqus to WordPress and Bypass Disqus’ Roadblocks

Up next →
Why I Use Linux

Get in touch!

Receiving emails from my readers is my favourite thing, so if you have something to say, feel free to drop me an email or sign my guestbook.

Want more content?

Say no more, dear reader. Here's three random posts from this blog for you to peruse:

Blogs, Gardens, and Thinking Aloud in Public
21 Oct 2023

I Now Know How To use Git
11 May 2020

Running a Social Platform as Someone Who Dislikes Them
02 Aug 2023

Want to be informed when I post new articles? Simply enter your email address below and you will get an email whenever new posts are published.

Alternatively, you can subscribe via RSS instead.

Enjoyed this post?

I put a lot of work into maintaining this site and I really enjoy interacting with my readers.

My fuel of choice is coffee, so if you did enjoy this post, or found it in any way useful, I'd appreciate more fuel to keep me going. ❤️

Buy me a coffee