Fingerprints Still Suck as Authenticators

I do find Touch ID to be convenient, but fingerprints are still terrible authenticators. This is, in part, because you leave them everywhere. Another problem is that once an attacker has obtained your fingerprint there’s no way for you to change it. As technology improves, obtaining a target’s fingerprint becomes easier. The Chaos Computer Club demonstrated that this week when one of its members explained how he was able to replicate a politician’s fingerprint from a photograph:

Jan Krissler says he replicated the fingerprint of defence minister Ursula von der Leyen using pictures taken with a “standard photo camera”.

Mr Krissler had no physical print from Ms von der Leyen.

[…]

He told the audience he had obtained a close-up of a photo of Ms von der Leyen’s thumb and had also used other pictures taken at different angles during a press event that the minister had spoken at in October.

Biometric technology often wins favor due to its cool factor. Seeing a device unlock from a fingerprint reader or a retinal scanner is very neat to witness. But cool factor does not equal secure. If fingerprints can be replicated from standard photography today, it won’t be long until retinal patterns can be replicated as well.