Biometrics are like identification, yes. It checks that it's you. Now knowing that it's you, it retrieves a password stored on-device and uses the password for auth.

The auth is using a password still. The password is just indexed on your face or fingerprint ID and only locally, on-device.

That means the attacker would need the device to ever get at the password in the first place. Then they'd need to be able to break into the device. The latter you can argue is easy or hard, depending on perspective, but they'd need both your faceprint or fingerprint, and a reliable way to replicate it that can fool the reader.

If your fingerprint or faceprint leaks to the world, the attacker would still need your physical device, and would still need to find a way to fool the physical reader with a replica of your faceprint or fingerprint.

In that sense, it's more secure than a password.
