In every device that you can unlock with biometrics like fingerprint or face scanner (Laptops, Tablets, Phones, etc.), they often claim entering a password is safer than using biometrics, and they block the most secure settings and information behind a passcode rather than a quick fingerprint or face scanner. Wouldn’t it be easier to steal a password than it would be to physically copy someone’s fingerprint?
the biggest difference between a password or passphrase and biometrics is that biometrics are not deniable if the attacker has the right or ability to interrogate you.
if i can arrest or kidnap you, i can force you to undergo whatever is necessary to authenticate a biometric authentication device.
with a password or phrase, you can pretend to have forgotten it, which would dampen most legal challenges, and would force an evil attacker to torture you to get the info (this is called a “rubber hose” attack, from the idea of beating you with a wet rubber hose until you break). and even with a rubber hose, they can never be sure you haven’t actually forgotten it.
>Wouldn’t it be easier to steal a password than it would be to physically copy someone’s fingerprint?
in an absolute sense, yes, but with strong pass*phrases*, it’s not going to be significantly weaker.
in reality, if you want something to be really secure, you use multi-factor authentication anyway, which means you use more than one type of authentication technique.
there’s 3 broad categories of authentication techniques.
things that test something *you know* (like a password)
things that test something *you have* (like a physical key or a token dongle, or more modern: your phone)
and things that test something *you are* (biometrics).
so like a truly secure system would force you to put in a secure passphrase, type in a time-sensitive code from a token, and also do a retina scan in order to access the resource in question.
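The three-factor check described in the answer above, as an added example that is not part of the original post. The account record, the passphrase and the yes/no `biometric_match` verdict from a sensor are assumptions made for illustration; the token code follows RFC 6238.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code (HMAC-SHA1): the time-sensitive code a token displays."""
    counter = struct.pack(">Q", int(now // step))
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation per RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_passphrase(passphrase: str, salt: bytes) -> bytes:
    """Slow salted hash so a stolen database does not reveal the passphrase."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 600_000)

def authenticate(user: dict, passphrase: str, code: str,
                 biometric_match: bool, now: float) -> bool:
    """Grant access only when all three factor categories pass."""
    # Something you know: constant-time comparison of passphrase hashes.
    knows = hmac.compare_digest(
        hash_passphrase(passphrase, user["salt"]), user["pw_hash"])
    # Something you have: accept the current and previous 30 s step (clock drift).
    has = any(
        hmac.compare_digest(
            totp(user["totp_secret"], max(now - drift, 0)).encode(),
            code.encode())
        for drift in (0, 30))
    # Something you are: assumed to be a yes/no verdict from a sensor.
    is_user = biometric_match is True
    # The caller gets one verdict, not which factor failed.
    return knows and has and is_user

# Constructed sample account; the secret is the RFC 6238 test key.
SALT = b"constructed-salt"
USER = {
    "salt": SALT,
    "pw_hash": hash_passphrase("correct horse battery staple", SALT),
    "totp_secret": b"12345678901234567890",
}

if __name__ == "__main__":
    print(authenticate(USER, "correct horse battery staple", "287082", True, 59))
    print(authenticate(USER, "correct horse battery staple", "287082", False, 59))
```

A stolen passphrase alone, or a forced fingerprint alone, fails this check because each factor is evaluated independently and all three must pass.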