Touch ID and other fingerprint scanning technologies are wonderfully convenient additions to our smartphones that enable easy mobile payments and quick device unlocking. However, Elliot Williams at Hackaday has written a thought-provoking essay explaining why you should never rely on Touch ID in lieu of using a password on your device, no matter how convenient it is.
First, Williams acknowledges the obvious: Passwords are terrible and they’re not all that secure. But as much as we may hate passwords, he argues that relying on Touch ID for mobile security is a much worse option. There are many reasons for this and the most obvious one is that your fingerprints are not some unique secret that’s difficult to come by.
“You leave your fingerprints everywhere,” he explains. “They can be picked up off of paper, keyboards, and desk surfaces. You wouldn’t leave your password written down on a sticky-note attached to your monitor at work, would you? If your work is using your fingerprint for authentication, your password is probably on your monitor right now.”
And of course, hackers have already shown they can copy users’ fingerprints using several different methods, including swiping an image of a fingerprint taken from a photo. Other problems with fingerprints include the fact that you can’t just reset them like you’d reset a compromised password and the fact that fingerprints can’t be hashed the way passwords can.
Williams’ entire essay is very much worth your time — check out the whole thing here.