>I can rekey my house locks, I can change my password, I can.... what my fingerprints?
Years of poor security have taught us that we need our authentication to be easily changeable in order to be secure. It's not true. Passwords need to be changed because they can be guessed. They can be leaked. Any person sitting down at any keyboard could type any random string of characters and, given enough time, figure out someone's password. It doesn't work the same for fingerprints. There is no number of times I can press my finger on your scanner and trick your scanner into thinking I am you. Your fingerprint only needs to be changed if someone steals your finger and keeps it in a state where modern fingerprint scanners will still recognize it. That is exceedingly difficult to do.
We need to get it out of our mind that "we change our passwords regularly, we should change our fingerprints too". Bad security advice led to routine password expiration, and that bad security advice lives on. It's still bad.
>it's clear that fingerprints are closer to username than password
That is not clear in any way, either in theory or in practice. The entire argument works on "fingerprints are publicly visible and cannot be changed" which would suck for a password, but fingerprints are not a password. That's why there's an entirely different name for it. Yes, I can see your fingerprint. But TouchID isn't going to be fooled by a piece of scotch tape lifted from your desk, so it doesn't matter.
Fingerprints are neither a username nor a password. They are a uniquely identifying attribute. Usernames and passwords are not. There is no comparison between the two authentication systems.
> There is no number of times I can press my finger on your scanner and trick your scanner into thinking I am you.
Or I could print random patterns on gel circles I put on my finger and try until one works, which is the equivalent of your password example. (There are digital equivalents of spamming fingerprint reader values to the security chips, which in practice are faster.)
It's exceedingly easy to try a fake fingerprint, and even if it weren't, it would still be possible to generate fake signals between the sensor and verification chip or fake signals to the sensor. There's no difference here between finger prints and passwords.
> Passwords need to be changed because they can be guessed.
lol, no.
Passwords need to be changed when they're compromised -- a good password is exceedingly hard to guess, to the point we should never expect it to happen, but they can be leaked through other means.
Similarly, you leave you fingerprints everywhere. So you actually leak your fingerprint values constantly while leaking password values only occasionally. This makes passwords substantially more resistant to capturing the value out-of-band than fingerprints.
> we change our passwords regularly,
This isn't best practice and isn't what most of us do; we change our passwords when they become compromised, which happens through a variety of mechanisms. (Or when we suspect that they may be compromised.)
> Bad security advice led to routine password expiration, and that bad security advice lives on. It's still bad.
Everyone knew this was bad, and NIST recently updated their recommendations against routine password expiration. However, that has nothing to do with what we're talking about in terms of username-versus-password status for fingerprints.
> it's clear that fingerprints are closer to username than password
> fingerprints are not a password
Well, I'm glad we agree.
> But TouchID isn't going to be fooled by a piece of scotch tape lifted from your desk, so it doesn't matter.
But it is fooled by easy-to-produce prints placed over my finger based on the Scotch tape lifted from your desk. This has routinely been demonstrated with fingerprint scanners, including on iPhones.
> They are a uniquely identifying attribute.
That's what a username is, lol.
I'm going to recommend you learn more about most of these things before you make security recommendations, because you were factually wrong a few times, and made erroneous conclusions based on that.
Your opinions are based on exceedingly bad and outdated security practices, and you seem proud of this for some reason.
I'm wondering what you might say if you were living in the time when cars began to replace horses. Would you have said cars were a terrible mode of transportation because they won't defend themselves against a thief and don't consume hay?
Yes, your argument is based on the idea that fingerprints can't be leaked in practice, which is false.
It's worked for years against a variety of scanners, and is likely always going to be viable because of how scanners work -- a thin overlay can be made of things that are indistinguishable from a finger surface to the scanner, but which triggers the critical points.
If you think that's changed in the past few years (which you seem to), I would appreciate something a little more substantive than your random comment on HN.
Years of poor security have taught us that we need our authentication to be easily changeable in order to be secure. It's not true. Passwords need to be changed because they can be guessed. They can be leaked. Any person sitting down at any keyboard could type any random string of characters and, given enough time, figure out someone's password. It doesn't work the same for fingerprints. There is no number of times I can press my finger on your scanner and trick your scanner into thinking I am you. Your fingerprint only needs to be changed if someone steals your finger and keeps it in a state where modern fingerprint scanners will still recognize it. That is exceedingly difficult to do.
We need to get it out of our mind that "we change our passwords regularly, we should change our fingerprints too". Bad security advice led to routine password expiration, and that bad security advice lives on. It's still bad.
>it's clear that fingerprints are closer to username than password
That is not clear in any way, either in theory or in practice. The entire argument works on "fingerprints are publicly visible and cannot be changed" which would suck for a password, but fingerprints are not a password. That's why there's an entirely different name for it. Yes, I can see your fingerprint. But TouchID isn't going to be fooled by a piece of scotch tape lifted from your desk, so it doesn't matter.
Fingerprints are neither a username nor a password. They are a uniquely identifying attribute. Usernames and passwords are not. There is no comparison between the two authentication systems.