How is a passcode lock possibly more secure than biometrics?


In every device that you can unlock with biometrics like fingerprint or face scanner (Laptops, Tablets, Phones, etc.), they often claim entering a password is safer than using biometrics, and they block the most secure settings and information behind a passcode rather than a quick fingerprint or face scanner. Wouldn’t it be easier to steal a password than it would be to physically copy someone’s fingerprint?


If you’re unconscious you can’t enter your password but somebody could use your fingerprint to unlock your device.

I can change my passcode but how easy is it to change your fingerprint if it did get stolen?

Yes, getting the initial biometric token might be difficult depending on the technology used, but once compromised, you can’t do anything about it.

The police or courts can force you to use your biometric data to unlock your device. They cannot force you to enter a password/code.

It’s down more to the accuracy of the scanners and stuff.

There’s tons of exploits and approximations, especially for faces, tons of devices will open at a picture of someone’s face or them sleeping or something, or a printed paper version of a thumbprint…

Facial recognition in particular has been called “Security Theater” a lot, it fucks up so much and can be fooled a ton.

Imagine a case where you’re kidnapped or arrested and they want to open your phone… if it’s biometric it’ll take a few seconds?

It’ll be better eventually, but the type of stuff they were rolling out en masse with laptops and phones and stuff is hot garbage, it’s basically pretend security.

It’s not as black and white as one is better than the other. No security is 100% infallible, and that’s really the crux of the concern with biometrics – if a password is compromised you change it, if I were somehow able to reverse engineer your face from your Facebook photo and use it to fool a facial recognition check, you’d have a pretty hard time changing your face.

Passwords have their own issues; obviously they tend to be simpler and memorable to the user, which leaves them open to being found out or socially engineered, etc.

It really comes down to the right tools for the right job, if you’re securing your photos from your last summer holiday password1 may suffice, if you’re talking about nuclear launch codes, you probably want to be adding two factor authentication of some sort.