From a convenience and security standpoint, fingerprint readers are an awesome addition to any computing device – whether it be a phone or a computer. It’s long been a worry, though, that if someone was determined enough to gain access to a fingerprint-locked device, it might be easier to replicate that fingerprint rather than breach security another way, such as by brute forcing a password. Some new information backs that up: we can’t treat fingerprint readers like a security savior – it’s far from being that.
By now, you should be aware of the FBI’s insistence on getting into our phones, highlighted by the recent case where the agency wanted to gain access to a terrorist’s iPhone 5C. Ultimately, the FBI found its own way in, much to Apple’s chagrin, and to date, we’re still not sure how it managed to pull that off. If that phone was secured with a fingerprint reader (it wasn’t, as it didn’t have one), the FBI could have unlocked the phone by force (a corpse isn’t going to fight back), or by printing out a rubber version of a thumbprint, based on records kept in an ever-growing government database.
If this sounds outlandish, it’s important to bear in mind that it’s happened already. While some law enforcement has deemed it appropriate for quite some time to force someone to unlock their phone with a fingerprint, it hasn’t been notably enforced until this year. In February, a federal judge ruled that Paytsar Bkhchadzhyan was guilty of identity theft, and without delay, the judge issued a warrant to let law enforcement gain access to her phone by forcing her to use her thumbprint.
While fingerprints are still arguably much more secure than a simple PIN code for unlocking a device, passwords are protected because they’re private information. Fingerprints don’t fall into the same category, something that should be obvious thanks to the fact that the government has our fingerprints in a database, but not our text-based passwords.
No one is going to feel bad for a criminal being forced to unlock their phone with a fingerprint, but this does set a major precedent, and completely ruins the illusion of security when locking down your mobile phone or computer with one. What would be better? Using a fingerprint and password, a feature most phones don’t currently offer. That could change sooner than later, though, considering just how aggressive agencies like the FBI are towards our personal information as of late.