Hacker News new | past | comments | ask | show | jobs | submit login

But I think you missed the point about the second factor, because there are really 2 factors here:

1. Something you have (e.g. your phone, in this case the Secure Enclave that stores the private key).

2. Something you 'know', e.g. your fingerprint.

Just having the fingerprint itself is not sufficient.




That's a good point that it is more nuanced. The issue I think is that organized crime and unscrupulous governments are getting better at connecting these things so they are not as cleanly separated as they have been in the past. Just look at China. Essentially spyware and viruses are installed at checkpoints on people's phones and biometric tracking is becoming very commonplace. I don't think it will be long before organized crime begins to get better at this too. As such, being able to change that "something you know" is a very powerful countermeasure.


This is key. I just hope this never changes and we never end up in a situation where the fingerprint is all that is used.

Because for most non technical user, my bank app asking my fingerprint to unlock the app is exactly that. They don't really get the difference.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: