A reader, Gina, asks, “I heard something on the radio that for security reasons it is not safe (secure) to use your thumbprint to log into your phone or any of your email or other accounts that have this choice. Could you answer this for me?"
The answer, as with a lot of things related to your digital security, is complicated and fairly relative. To use Apple’s Touch ID as an example, the technology itself has been hacked since it was rolled out in 2013 as people have found creative ways to bypass the fingerprint sensor or fool it with fake prints. That said, because Touch ID never sends your fingerprints to Apple or even stores your fingerprint data in iOS or iCloud, there’s no way for someone who doesn’t have physical access to your actual phone to get into your device via Touch ID.
On the other hand, if someone does spoof your fingerprint, they can use that for the rest of your life; you can’t change it like a password. But if someone is determined, they probably don’t need your phone to steal your fingerprints; you leave them on doorknobs, elevator buttons and many other places every day. A recent research paper suggests it’s not impossible to create a master set of fingerprint keys that take on the most common characteristics with about a 65 percent success rate in some instances. And the more fingers you scan into Touch ID, the easier it is for a set of fingerprint keys to make a match.
So, fingerprint scanners can make devices more convenient; they may allow you to bypass typing in a password and make you feel better about making digital purchases than handing over a credit card. But so-called biometric scanners are still far from a perfect solution and less secure that companies such as Apple might like you to believe.
Every week, we’ll define a tech term, offer a timely tip or answer questions about technology from readers. Email email@example.com with questions or topic suggestions.
News on Open Source is free and unlimited. Access to the rest of 512tech.com comes with an American-Statesman digital subscription, which also includes myStatesman.com and the ePaper edition. Subscribe at statesman.com/subscribe.