← Back to Topics

Fingerprints Not Passwords

The cluster debates the misuse of fingerprints and biometrics as secure passwords, emphasizing they function better as usernames or identifiers due to their unchangeable nature, spoofing vulnerabilities, and presence in public databases. Users advocate for traditional methods like PINs and highlight risks of coercion and permanence.

πŸ“‰ Falling 0.3x Security
5,373
Comments
20
Years Active
5
Top Authors
#6034
Topic ID

Activity Over Time

2007
1
2008
5
2009
35
2010
52
2011
60
2012
118
2013
532
2014
198
2015
234
2016
500
2017
524
2018
321
2019
418
2020
324
2021
525
2022
412
2023
520
2024
320
2025
255
2026
19

Top Contributors

JoeAltmaier (22) mikeash (22) therobot24 (20) Spivak (20) acdha (18)

Keywords

JOKE digitalcourage.de not.html ID SSN wikipedia.org PIN dustinkirkland.com TOTP ycombinator.com fingerprints fingerprint biometrics biometric password spoof passwords usernames username authentication

Sample Comments

evan_ β€’ Sep 5, 2013 β€’ View on HN

Surely it's not just storing a .png of your fingerprint.

dragonwriter β€’ Jun 22, 2016 β€’ View on HN

If you use fingerprint to confirm username, you have to have an alternate means to do that, because fingerprints can be destroyed.

schrodinger β€’ Feb 17, 2016 β€’ View on HN

It's the "which finger" that becomes similar to a password, not the fingerprint (ianal)

dragonwriter β€’ Dec 28, 2016 β€’ View on HN

Fingerprints are neither really suitable as usernames (because you can neither guarantee that users have them or that thhey don't change outside of your and the user's control or, really, even that they are unique, though they are conventionally assumed to be so) nor passwords (because they aren't secret, can't be changed if compromised, etc.)

lerie82 β€’ Dec 26, 2017 β€’ View on HN

Shouldn't they just do a fingerprint scan then?

httpsterio β€’ Oct 13, 2019 β€’ View on HN

Touch based are not better. Your fingerprint is not a password, it's just an identifier and shouldn't be treated as a secret.

semi-extrinsic β€’ Apr 14, 2016 β€’ View on HN

Because this is the assumption behind using fingerprints as authentication.

aarongray β€’ Jun 25, 2020 β€’ View on HN

A fingerprint can be a personal password or it can be a government ID, but it can’t be both. Since the U.S. government already has something like 200 million fingerprints on file, and many foreign governments collect fingerprints whenever you travel, these fingerprints are sometimes leaked en masse (https://en.wikipedia.org/wiki/Office_of

tiziano88 β€’ Sep 10, 2013 β€’ View on HN

That's not how fingerprint scanners normally work I'm afraid...

throwawayapples β€’ Mar 2, 2023 β€’ View on HN

Biometrics are not secure. see https://news.ycombinator.com/item?id=34913240