Linked by Thom Holwerda on Wed 13th Sep 2017 21:56 UTC
Privacy, Security, Encryption

If you value the security of your data - your email, social media accounts, family photos, the history of every place you've ever been with your phone - then I recommend against using biometric identification.

Instead, use a passcode to unlock your phone.

Can't argue with that - especially in place where law enforcement often takes a... Liberal approach to detainees.

Thread beginning with comment 648854
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: You can deactivate it
by sj87 on Thu 14th Sep 2017 10:17 UTC in reply to "You can deactivate it"
sj87
Member since:
2007-12-16

It isn't true security when enabling it requires active measures from the user.

Reply Parent Score: 3

RE[2]: You can deactivate it
by mkone on Thu 14th Sep 2017 10:23 in reply to "RE: You can deactivate it"
mkone Member since:
2006-03-14

FaceID and TouchID are also about convenience. And security that is not convenient is bad security too as people will just disable it.

Besides, this is optional. You can disable TouchID and FaceID completely. Just don't register your face or fingerprints, and no one in the world can force you to unlock your phone using your face/fingerprints!

Reply Parent Score: 2

RE[3]: You can deactivate it
by Alfman on Thu 14th Sep 2017 14:27 in reply to "RE[2]: You can deactivate it"
Alfman Member since:
2011-01-28

mkone,

FaceID and TouchID are also about convenience. And security that is not convenient is bad security too as people will just disable it.


I agree, while it's not very secure to use physical appearances to login, at least people don't have to use it.


Besides, this is optional. You can disable TouchID and FaceID completely. Just don't register your face or fingerprints, and no one in the world can force you to unlock your phone using your face/fingerprints!


I do worry more broadly about what happens as biometrics become more widely used. It's well understood why one shouldn't use the same passwords in multiple systems, and yet this is effectively very much what we are doing with biometrics. We end up having to violate a whole host of best practices to use biometrics. The opportunity for misuse and equifax-style leaks is ever-increasing.

Reply Parent Score: 3