Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

1. A fingerprint is something you cannot change, cannot revoke if leaked and cannot be unique across different sites.

2. A fingerprint hash isn't a cryptographic hash because you need to be able to match to nearby matches. A small variation in input needs to have a small variation in the hash so a distance function can be applied.

Those are terrible properties for a password.



> A fingerprint is something you cannot change

Many builders/carpenters/etc will tell you this is not true. People who work in abrasive environments sometimes without proper protection often temporarily have no fingerprints as they are "warn off".

Many injuries can effectively modify or remove the too, at least temporarily.

This makes them bad usernames as well as bad passwords.


> People who work in abrasive environments sometimes without proper protection often temporarily have no fingerprints as they are "warn off".

Do they come back in the same form as they previously were?


Either way, this is a terrible argument toward good security. "Oh, someone got a copy of your fingerprint? No problem! There's a belt sander right over there!"


This is a sore point with the new iphones for me. It happens at least once a week with routine hobby-farm work. I'm really looking forward to getting faceid.


Interesting. I wonder if anyone has studied what it would take to render fingerprints useless? Like N minutes/day of sanding with Y grit sandpaper?

Additionally, I was under the impression that some fingerprint readers looked at the blood vessels rather than the actual prints. Not sure how that would be affected by abrasion. Perhaps this is a misunderstanding on my end.


An example that can affect many people: my iPhone can't read my fingerprint when I'm sweating at the gym.


IMO, you don't even need any arguments beyond #1. Your fingerprint can't be changed and it's public information. You leave traces/copies of it everywhere you go. Just because it's more difficult to read now doesn't mean that technology won't make lifting and reusing your oily prints trivial someday.

Would you create a rubber stamp of your passwords, slather it with oil, and then go around stamping it on everything you own and everywhere you go?


This is the current case with SSN's in North America. A unique identifier being treated as a password cannot act as a password.


But you have 10 of them (20 counting toes). Why can't you just cycle through them as needed?


"Press your toe here" has to be some of the worst ux ever


I see that you haven't used git.


You can just keep your socks on to protect your login toeprint when not in use.


furthermore, you can combine your fingers/toes in specific unique combinations. it's foolproof


I like it. Two factors in one! Even allows panic passwords.


And let's not forget that some people don't have fingerprints




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: