Do not use fingerprint sensors! Period!

I had this discussion the other day with a friend who is now the proud owner of a fingerprint-protected front door and smartphone, but since fingerprint scanners are creeping into more and more security appliances, it is worth repeating here.

When you unlock your phone, front door, … with your thumb, you are using your fingerprint as a password. The three golden rules of password security are:

  • Never write your passwords down. Someone might swipe your notes.
  • Never use the same password for different services. Otherwise you enable them to access each other.
  • Change your password when it gets compromised.

Fingerprints violate all of these rules when used as passwords! You “write” your fingerprint down whenever you touch a smooth surface (e.g. when closing the trunk of your car, parked conveniently next to your fingerprint-protected front door). You can’t change your fingerprints once they get lifted (e.g. from the trunk of your car parked next to your fingerprint-protected front door). Since you only have one set of fingers, you automatically end up reusing the same “password” for different services (can you be sure your smartphone won’t back up your prints in some cloud?).

My friend pretty much has the following problem right now: the instructions for his front door lock said to train it with at least three fingers per person. This is to increase the likelihood of still being granted access in case of swollen (injured, dirty, …) fingers. Unfortunately, it also increases the likelihood of someone swiping a “good” print from the trunk of his car (parked next to his front door). Would a burglar trouble himself with lifting fingerprints? Judge for yourself. It takes considerably more effort than using a crowbar, but once in, he’s likely going to find a complete set of prints in the kitchen, promising perpetual access.

However, my friend has a much bigger problem than worrying about geek burglars: once he decides to travel outside of the EU, he will need a passport, and thanks to the US, passports nowadays mandate two fingerprints. That’s something to think about! Through a chain of circumstances, he might end up putting his “door key” in escrow with the government.

However, my friend has a much bigger problem than worrying about the geek burglar and the government spy having a party at his home: fingerprint sensors are complex electronic devices over which you, the user, have little or no control, particularly if they are network-enabled and/or not in your possession. When my friend unlocks his smartphone, he can’t be sure that his scans won’t be backed up in the manufacturer’s cloud for <insert stupid reason here>. When he travels abroad, he can’t be sure that the foreign country won’t keep a record.

The real problem with fingerprint locks is that the more of them you use, the more valuable your prints become for criminals and rogue governments alike. Each “security” provider you trust with your scans is both a potential data leak and a target. Let me illustrate the point by asking what might happen once supermarket chains start rolling out “fingerprint pay” at their checkout points. Obviously, you’d have to register your fingerprints along with your billing address in a central database (so you can shop at any store of the chain). You really don’t know whether the system stores the raw scan (that would be stupid – but then again, if security was a concern, they wouldn’t bother with this technology to begin with) or who has access. In particular, you can’t be sure that some underpaid technician of a subcontractor won’t sell a copy of the database to the mafia in order to make a quick buck (those are the “hackers” you keep reading about so often – staffers with too much access for their income level). Needless to say, this doesn’t look good for you if your front door is “protected” by a fingerprint lock. Of course, it works the other way around, too. If there is a supermarket in town that accepts fingerprint payment, then it is very likely that someone with a fingerprint-protected front door will also be registered there.
