How is a passcode lock possibly more secure than biometrics?

In every device that you can unlock with biometrics like fingerprint or face scanner (Laptops, Tablets, Phones, etc.), they often claim entering a password is safer than using biometrics, and they block the most secure settings and information behind a passcode rather than a quick fingerprint or face scanner. Wouldn’t it be easier to steal a password than it would be to physically copy someone’s fingerprint?

15 Answers

Anonymous 0 Comments

You leave your fingerprints everywhere, and if it is compromised once you’re shit out of luck. Your lifetime supply is 10 of them and I want to see people try to unlock their phone with pinkies instead of thumb/index finger.

Meanwhile a password is ideally only known to your brain and maybe a secure password manager.

Anonymous 0 Comments

> Wouldn’t it be easier to steal a password than it would be to physically copy someone’s fingerprint?

Easier for who? And “steal” how? Anyone can see my face, and if you’re determined you can get my fingerprints too. But unless you can read my mind, you have no way to get my password (unless I get careless). And even if you do get it, I can change my password, which is more than I can say for my face or my fingerprints.

Sure, it takes more work to unlock a device using someone else’s biometrics, but it’s a lot easier to get the necessary information. Who are you trying to keep out? If you’re just trying to prevent your friends from unlocking your phone to play pranks on you, biometrics are probably just fine. But if you’re worried about government surveillance, corporate espionage, or serious blackmail, you have to assume your adversary is determined enough to spend time or money faking your biometrics. (The equipment to do that only costs a few hundred bucks at most.)

Anonymous 0 Comments

the biggest difference between a password or passphrase and biometrics is that biometrics are not deniable if the attacker has the right or ability to interrogate you.

if i can arrest or kidnap you, i can force you to undergo whatever is necessary to authenticate a biometric authentication device.

with a password or phrase, you can pretend to have forgotten it, which would dampen most legal challenges, and would force an evil attacker to torture you to get the info (this is called a “rubber hose” attack, from the idea of beating you with a wet rubber hose until you break). and even with a rubber hose, they can never be sure you haven’t actually forgotten it.

> Wouldn’t it be easier to steal a password than it would be to physically copy someone’s fingerprint?

in an absolute sense, yes, but with strong pass*phrases*, it’s not going to be significantly weaker.

in reality, if you want something to be really secure, you use multi-factor authentication anyway, which means you use more than one type of authentication technique.

there’s 3 broad categories of authentication techniques.

things that test something *you know* (like a password)

things that test something *you have* (like a physical key or a token dongle, or more modern: your phone)

and things that test something *you are* (biometrics).

so like a truly secure system would force you to put in a secure passphrase, type in a time-sensitive code from a token, and also do a retina scan in order to access the resource in question.
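The “time-sensitive code from a token” in the answer above is what an authenticator app or hardware token computes. As an added example (not part of the post, and not any vendor’s code), here is that computation, TOTP as specified in RFC 6238 on top of HOTP from RFC 4226, plus a toy gate that requires all three factor types the answer lists. The shared secret used in the demo is the published RFC test secret; the passphrase, salt and biometric template values are constructed for the demo.

```python
import hashlib
import hmac
import os
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a `digits`-long decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter = number of `step`-second periods elapsed."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, candidate: str, unix_time: int,
                step: int = 30, window: int = 1) -> bool:
    """Accept the code for the current period or the `window` adjacent ones
    (clock drift between token and verifier), comparing in constant time."""
    counter = unix_time // step
    return any(hmac.compare_digest(hotp(secret, c), candidate)
               for c in range(counter - window, counter + window + 1))


class ThreeFactorGate:
    """Toy policy from the post: something you know (passphrase), something you
    have (TOTP token), something you are (biometric template). All must pass."""

    def __init__(self, passphrase: str, totp_secret: bytes, template: bytes,
                 clock=time.time):
        self.salt = os.urandom(16)                       # constructed per-instance salt
        self.pw_hash = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), self.salt, 100_000)
        self.totp_secret = totp_secret
        self.template = template
        self.clock = clock

    def check_know(self, passphrase: str) -> bool:
        h = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), self.salt, 100_000)
        return hmac.compare_digest(h, self.pw_hash)

    def check_have(self, code: str) -> bool:
        return verify_totp(self.totp_secret, code, int(self.clock()))

    def check_are(self, scan: bytes, max_bits: int = 6) -> bool:
        # Biometrics are compared on a "close enough" basis: count differing bits.
        diff = sum(bin(a ^ b).count("1") for a, b in zip(self.template, scan))
        return len(scan) == len(self.template) and diff <= max_bits

    def authenticate(self, passphrase: str, code: str, scan: bytes) -> bool:
        return self.check_know(passphrase) and self.check_have(code) and self.check_are(scan)


if __name__ == "__main__":
    secret = b"12345678901234567890"          # RFC 6238 test secret
    print("code at T=59:", totp(secret, 59))  # 287082 per the RFC test vectors
```

The verification window is the usual trade-off: a wider window tolerates more clock drift but accepts more codes at any moment, so keep it to one step either side.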

Anonymous 0 Comments

Passwords can be changed, biometrics cannot. But I don’t know if I agree that passwords are more secure than biometrics, in fact some security experts [say the opposite](https://www.forbes.com/sites/louiscolumbus/2020/03/08/why-your-biometrics-are-your-best-password/). Passwords have to be committed to memory and thus are often weaker than they should be, biometrics can be as strong and unique as the hardware permits.

Besides that, there are other trade-offs. As a general rule, biometrics can be obtained without your compliance, but if it does happen you are likely somewhat aware of it (you were kidnapped, physically forced onto the scanner, finger chopped off, knocked unconscious etc). Whereas a password can only be obtained through your own actions, but you aren’t necessarily aware of it happening (surveillance, deception, spyware, remote access etc). (Yes, you can also [coerce a password out of someone](https://xkcd.com/538/), but that particular scenario is no less secure than using biometrics.)

Anonymous 0 Comments

It’s safer in a legal sense. In the US (and other places too but I don’t know the specifics) the government can make you unlock a device with a fingerprint or other biometric marker, but they cannot make you give them a password (they can of course just do some [rubber hose cryptanalysis](https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis) and some [parallel construction](https://en.wikipedia.org/wiki/Parallel_construction) but that’s a separate matter).

It’s also safer in a technological sense. You could steal a password from, say, an insecure database that’s storing them unsafely, but you could steal a biometric identifier in the same way. You could steal a password that’s been written down in a notebook somewhere, and you could take someone’s fingerprints by snagging their keys or something. But if you’re responsible, you won’t be writing your password down. You can’t choose not to leave fingerprints when you touch stuff though. And, importantly, *you can change a password if it’s compromised, you can’t change your biometrics*. That’s a problem if someone does some hacking, or if they just [look enough like you](https://www.wired.com/story/10-year-old-face-id-unlocks-mothers-iphone-x/), or [even has the same fingerprint](https://www.crammlawfirm.com/fingerprint-match-jails-innocent-man/).

Anonymous 0 Comments

> Wouldn’t it be easier to steal a password than it would be to physically copy someone’s fingerprint?

There was a case where a dude snapped a picture of the German defense minister’s hand during a press conference. He used that pic to pull a viable fingerprint and later challenged her that he could get into her phone. She accepted and indeed he gained access.

For the password though, someone would have to physically intimidate you to get into the phone. The US gov is not allowed to do that. Additionally, the supreme court has ruled the gov can’t compel you to give up your password due to the 4th amendment (unreasonable searches and seizures).

Anonymous 0 Comments

There are two aspects to access control. You can either test based off of what/who you are, or what you know.

Who/what you are is hard to copy, but also hard to hide or change. If someone wants to unlock your phone, they only have to physically overpower you and put your face/finger to the phone to unlock it. However, if they don’t have access to your physical self, then they’ll have a very hard time getting it.

What you know is easy to copy, but easy to hide or change. Someone can copy your password any number of ways (phishing, key-logger, simple surveillance, etc.) and then use it easily. However, if you know your password has been breached (or just every once in a while), you can easily change the password and the attacker will be back to square one.

Biometrics provide no protection against someone who is physically interacting with you, while passwords can always provide some level of protection (even if it requires resisting physical injury).

Anonymous 0 Comments

One thing that may be relevant in some cases is that a passcode is looking for an exact match, whereas two pictures of the same face will be different because of lighting, smiles, and so on. Biometrics are usually measured on some sort of “close enough” basis.

One thing that means is that a password can be mashed up with some complicated maths to make an encryption key. That key can be used to keep files on your phone safe from prying eyes. The same sort of maths doesn’t work for biometrics, because two things which are close but not the same wind up making completely different and very wrong encryption keys.

I see this on my phone, for example, in that I can use my fingerprint to log in normally but I have to use a PIN to log in if the phone restarts. That makes sense because restarting the phone makes it forget the encryption key, and only the PIN is able to tell it what that key was.
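The exact-match versus “close enough” distinction in the answer above is the whole reason a PIN can become a key and a face scan cannot. As an added example (not from the post or from any phone vendor), the block below derives a key from a passcode with PBKDF2 and shows that a one-digit change produces an unrelated key, while a toy biometric check accepts a scan that differs from the enrolled template by a few bits. The salt, iteration count and template bytes are constructed for the demo.

```python
import hashlib
import hmac

# Constructed demo parameters. A real device keeps a random per-device salt in a
# secure element and uses a far more expensive, hardware-bound derivation.
SALT = b"constructed-device-salt"
ITERATIONS = 100_000


def derive_key(secret: str) -> bytes:
    """Stretch a PIN or passphrase into a 32-byte key (PBKDF2-HMAC-SHA256).
    Every bit of the input matters, so only the exact secret reproduces the key."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), SALT, ITERATIONS, dklen=32)


def exact_match(stored: bytes, candidate: bytes) -> bool:
    """A passcode check: constant-time equality, with no notion of 'close'."""
    return hmac.compare_digest(stored, candidate)


def bit_distance(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def fuzzy_match(template: bytes, scan: bytes, max_bits: int = 6) -> bool:
    """A biometric check: accept a scan within a tolerance of the enrolled
    template, because two scans of the same finger are never bit-identical."""
    return len(scan) == len(template) and bit_distance(template, scan) <= max_bits


def key_avalanche(secret_a: str, secret_b: str) -> int:
    """How many of the 256 key bits differ between two secrets. For a one-digit
    PIN change the answer is about half: the keys are unrelated, so a 'nearly
    right' biometric scan could never decrypt anything."""
    return bit_distance(derive_key(secret_a), derive_key(secret_b))


if __name__ == "__main__":
    # Constructed enrolled template and a later scan of the same finger with 3 bits of noise.
    template = bytes.fromhex("0123456789abcdef")
    scan = template[:-1] + bytes([template[-1] ^ 0b111])
    print("biometric accepts noisy scan:", fuzzy_match(template, scan))
    print("noisy scan derives the same key:", derive_key(template.hex()) == derive_key(scan.hex()))
    print("PIN 1234 vs 1235, key bits differing:", key_avalanche("1234", "1235"))
```

This is also why the restart case in the answer behaves as it does: after a reboot the stored key is gone, and the only input that can regenerate it exactly is the PIN.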

Anonymous 0 Comments

I can use your dead body to pass any biometric scanner on your phone. Ask me for a randomly generated passcode you memorized? *Dead horse analogy here*

Anonymous 0 Comments

Biometric locks do not have any form of lockouts, since they are prone to read errors. Password locks can have backoffs and lockouts when incorrect entries are made. This means that a password-based lock has a limited number of attempts. Some go so far as to wipe the device when you get too many attempts wrong.

A fingerprint is also very accessible while you’re unconscious, while a password isn’t.

In many jurisdictions around the world, you can be legally compelled to provide a fingerprint, but you are not legally compelled to provide a password.

If a copy of my fingerprint is stolen and can somehow be recreated, I can’t change my combination, but I can change a password.

So yeah, lots of reasons why passwords are superior from a security perspective.
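The lockout and backoff behaviour described in the answer above is straightforward to implement, and worth seeing because the schedule is the control that bounds brute force. As an added example (not from the post and not any vendor’s implementation), the block below keeps a salted PBKDF2 hash of the passcode, allows a few free attempts, then doubles a delay after each further failure and wipes after a threshold; the clock is injectable so the policy can be exercised without waiting. The attempt counts and delays are constructed defaults, not any particular phone’s.

```python
import hashlib
import hmac
import os
import time


class PasscodeLock:
    """Rate-limited passcode check: `free_attempts` tries with no delay, then a
    delay that doubles after each failure, then a wipe at `wipe_after` failures."""

    def __init__(self, passcode: str, free_attempts: int = 5, base_delay: float = 60.0,
                 wipe_after: int = 10, clock=time.monotonic):
        self.salt = os.urandom(16)
        self.stored = self._hash(passcode, self.salt)
        self.free_attempts = free_attempts
        self.base_delay = base_delay
        self.wipe_after = wipe_after
        self.clock = clock            # injectable for testing
        self.failures = 0
        self.locked_until = 0.0
        self.wiped = False

    @staticmethod
    def _hash(passcode: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", passcode.encode("utf-8"), salt, 100_000)

    def delay_for(self, failures: int) -> float:
        """Seconds to wait after the given cumulative failure count."""
        if failures <= self.free_attempts:
            return 0.0
        return self.base_delay * 2 ** (failures - self.free_attempts - 1)

    def try_unlock(self, candidate: str) -> str:
        """Returns 'unlocked', 'wrong', 'locked' (still in a backoff) or 'wiped'."""
        if self.wiped:
            return "wiped"
        now = self.clock()
        if now < self.locked_until:
            return "locked"            # attempt is not even evaluated during backoff
        if hmac.compare_digest(self._hash(candidate, self.salt), self.stored):
            self.failures = 0
            self.locked_until = 0.0
            return "unlocked"
        self.failures += 1
        if self.failures >= self.wipe_after:
            self.wiped = True
            self.stored = b""          # key material discarded; nothing left to compare against
            return "wiped"
        self.locked_until = now + self.delay_for(self.failures)
        return "wrong"


if __name__ == "__main__":
    lock = PasscodeLock("4821")       # constructed demo passcode
    for _ in range(6):
        print(lock.try_unlock("0000"))
    print(lock.try_unlock("4821"))     # 'locked' until the 60 s backoff expires
```

Note that a biometric check cannot get this treatment in the same way: read errors from a legitimate user are common, so a sensor that locked out or wiped after a few misreads would be unusable, which is exactly the gap the answer points at.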