But that doesn’t matter! I hate this argument because it misses the point of biometric authentication as “something you are.” There’s no such thing as compromise or revocation. It’s a piece of public information that can’t be stolen or used by anyone other than yourself.
The world can have high def scans of my fingerprint for all it matters, they can’t produce a living human finger with the same print. And if you can’t reasonably ensure that you’re taking a reading from a living human then you shouldn’t be using biometrics.
Biometrics is not transmitting a picture of a fingerprint, it’s presenting your hand.
Having your email secured by a password locked by a device you trust doing biometric auth is perfectly fine. Having a website somehow store your print isn’t.
> Biometrics is not transmitting a picture of a fingerprint, it’s presenting your hand.
What would this "hand data" look like? A 3D model of a hand MRI or X-Ray?
Based on my understanding, in any form of biometric authentication, some amount of static data (i.e. the biometric database is not receiving a secure, updating feed of the state of your hand/body) is stored on the server and compared with the data transmitted for authentication. Biometrics change (fingerprints can be rubbed off from gardening, DNA mutates, etc.), so this static biometric data is something that is mostly environment-invariant.
If someone can compromise your "full hand scanner" or compromise the biometric database (which will inevitably happen), then you are compromised for life, since you cannot change your hand.
> If someone can compromise your "full hand scanner" or compromise the biometric database (which will inevitably happen), then you are compromised for life, since you cannot change your hand.
Suppose this happens. The world now knows all of your fingerprints. And at some point in the future you walk up to the desk of a datacenter where there's a security guard who phyiscally takes your hand, inspects it, and places it on the scanner. Can someone other than you pass this check?
Biometrics are a hard, mostly unsolved the problem, because the hard part is replacing the human security guard who verifies that you're scanning a real person's hand. For not super security sensitive applications TouchID, FaceID, and friends are good enough because most people aren't in Face Off or Mission Impossible.
> It’s a piece of public information that can’t be stolen or used by anyone other than yourself.
The point here is that this is completely wrong. Biometrics can be stolen and they're unreplaceable. There's no device in the world that can be sure it's reading a fingerprint from a living human. Drop a quick query into Google, you'll find dozens of methods that fool Apple's TouchID and that's probably one of the more robust implementations as it makes it rather difficult to do something like replace the sensor and feed in fake data directly to the system. There's only so much you can do to tell human flesh from inanimate objects when all you have is a tiny fingerprint sensor.
> Biometrics is not transmitting a picture of a fingerprint, it’s presenting your hand.
Biometrics is read with sensors, sensors produce data, data can be copied. If you were to publish scans you would have effectively allowed anyone the information needed to fake your fingerprint and authenticate as you. That's the definition of compromise.
Encryption isn't about making something impenetrable, it's about making it more difficult. For example, modern encryption is very difficult
for present-day computers to crack, but won't be that hard for quantum computers to crack.
Also, you're discounting the possibility of multiple layers of biometric + non-biometric authentication. Password/Private-Key + retina scan + left big toe-print scan >= Password/Private-Key.
I also think there are ways to authenticate your identity outside of static data-points if there's a trusted 3rd party real-time system involved.
If you take the position that nobody, even a human sitting at a desk taking prints by hand, can verify that they’re reading from a living human then biometrics and every “something you are” auth is totally useless for all applications.
If you think of biometric auth as “the scan of your eye/hand/whatever is just a password” then I can’t help you and of course that system can be compromised. “Upload a PDF of your fingerprint" is the silliest auth system of all time.
> “the scan of your eye/hand/whatever is just a password” then I can’t help you and of course that system can be compromised.
Unless you have a human to sit there validate that they're reading from an actual human, isn't this essentially what biometric auth is? Am I missing something here? No reasonably sized machine can certainly do the needed verification with the limited information they have.
Not to mention - if it were to be heavily relied upon for security for a very high value target, say one of those bitcoin vaults with hundreds of millions of dollars locked away, you can certainly envision a world where you could get grafted silicone fingertips installed by a plastic surgeon that would likely fool humans based on the exact sort of data leak we discussed.
I totally agree with you, this is why biometrics are this weird open for machines, but solved for humans problems. If you don't trust the scanner then it's useless. Depending on your threat model you can do really fancy stuff like retina scans that detect blood flow and temperature or TouchID for less-sensitive stuff like a screen lock.
> You can certainly envision a world where you could get grafted silicone fingertips.
If you built a system that's so secure that this is the lengths you have to go to beat it then you would be an overnight billionaire if you brought it to market. Like at this point you've achieved human-level verification. Assuming it was small enough to go in phones it would be revolutionary!
