Fingerprint alone for authentication on smart phones

Biometrics have a long history in security systems, particularly where security is taken seriously. Fingerprint readers are usually used in addition to other factors, e.g. an access token, key, or password, or some combination of these, leading to the phrase “something you know, something you have, something you are”.

The parody, “something you forgot, something you lost, something you were”, highlights that even biometrics can fail. This doesn’t necessarily mean losing a finger, or a bad cut may lock you out; most systems I’ve used register two (or all) of your fingerprints to mitigate this risk.

Using a fingerprint without other methods to unlock a device raises other issues I haven’t seen discussed elsewhere.

The media is replete with people worrying about fingerprint databases, which may be a valid concern. However, most of us leave our fingerprints everywhere, including all over our smart phones, so finding them surreptitiously is probably not hard for malicious attackers, private detectives or discreet law enforcers.

Some biometric scanners attempt to establish whether the user is still alive. You don’t want dead generals unleashing nuclear war. However, biometric scanners have a harder time establishing whether the user is fully conscious and consenting.

One can imagine suspicious spouses unlocking their partner’s phone whilst they sleep, or are otherwise unable to resist (not suggesting anything).

Stag nights might include a new smartphone unlock step, should the groom-to-be not hold his drink well.

Perhaps more pertinently, law enforcement or immigration would no longer need to threaten jail to get keys divulged; they might just manhandle you to unlock a device if a fingerprint is all that is needed.

For many uses fingerprint unlock is convenient and better than no security code, but those opting for this approach had best understand the different failure modes. Most of us won’t resist interrogation or legal pressures to unlock a device with a pass-phrase, code or pattern, but in most cases we will at least know when we have been forced to divulge our secrets.

Fingerprint in addition to other techniques raises the barrier and raises far fewer new or unique questions.

Simon is not an expert on biometric security but has bypassed the fingerprint scanner on a previous colleague’s laptop before. Turns out we leave our fingerprints on cheap fingerprint detectors as well.