Skip to main content

Your Fingerprint Sensor May Be Convenient, But It’s Not Very Safe

* Biometric verification is becoming more popular at the expense of privacy
* Fingerprint confirmation is found to be less secure than traditional passwords
* With more biometric data online, your fingerprints could be easily compromised

A tap of a finger gives you instant access to your bank statements, credit cards, email accounts, social media profiles and more. You’d think that something as intricate as a person’s fingerprint would provide better security than some generic four to seven letter password. Sure, you’d think that, but you’d be wrong.

While biometric sensors may be convenient and quick, they’re painfully easy to mimic. Just last month, a joint study conducted by researchers at the University of New York and Michigan State found that fingerprint scanners were far less secure than traditional passwords. While a human fingerprint is, in essence, very complex, the digital sensor incorporated into most smartphones today is incredibly small, and is only able to read part of your fingerprint.

This is part of the reason why most phones require up to 10 separate images in order to set up an accurate biometric print. By recording more images of the same finger, and in some cases, different fingers on the same hand, your phone’s biometric software is essentially putting together pieces of a puzzle — in this case, your unique fingerprint. However, incorporating numerous images into one whole, leaves more room for partial matches, making it easier for a hacker to essentially fake your prints. 

Then, there’s also the fact that unlike your passwords, your fingerprints can’t be changed, which means if they become exposed there’s essentially no real way to fix it. Couple this with the fact that the US government currently has millions of fingerprint records stored online and you have the perfect recipe for a disaster.

While we’re not saying you should ditch your fingerprint sensor altogether, it may be wise to keep your old passwords around just in case.