The ISC and other articles below share important considerations on fingerprint security controls:
* https://isc.sans.edu/forums/diary/Am+I+using+my+Fingerprints+yet+/16646
* http://www.theguardian.com/technology/2013/sep/22/apple-iphone-fingerprint-scanner-hacked
* http://www.ccc.de/en/updates/2013/ccc-breaks-apple-touchid
QUOTE: Biometrics are not safe, says famous hacker team who provide video showing how they could use a fake fingerprint to bypass phone’s security lockscreen. For me, this brings up both sides of “the fingerprint discussion”.
KEY CONSIDERATIONS OR DISADVANTAGES
* You can’t change your fingerprints – once a real copy of them is compromised, they are compromised forever.
* A representation of your fingerprint is stored on the device. So if the device is lost or stolen, this representation could be used to compromise other things, if they use the same representation of your fingerprint (i.e., any other device that uses the same manufacturer’s hardware). Again, once stolen, they are stolen forever.
* After a couple of years, you’ll likely trade your phone in for a new one, and today there isn’t a way to know that a wipe of the phone wipes the saved representation of your fingerprint.
* Your fingerprint may be backed up with your phone backup. Historically, your phone’s backups have been easier to pillage than your phone.
* If your phone is damaged, you may not have a way of wiping it.
KEY BENEFITS OR ADVANTAGES
* On any given day, using your fingerprint is likely MUCH more secure for you than the 4-digit code you are likely using.
* Since your phone code likely matches either your phone number or your bank code, either it’s very easy to guess, or compromising it might have other unpleasant consequences for you.