
>If you rely on bio-authentication methods, you risk your privacy especially when the master database gets compromised.

It's my understanding that these methods (TouchID, FaceID) don't actually store your thumbprints or images of your face; rather, they store hashes of the output. Similar to how passwords should never be stored in plain text.




It's more than a hash, since it needs to be able to match similar inputs (face at a different angle, partially obscured). It's probably just a bunch of raw measurements but not actually a photo of your face.

The upside is it's only stored on the device itself and not in a master database, and it also isn't used for any remote authentication, so it can't be exploited by hackers over the internet.


Theory: it can be a hash of measurements of the face, rounded to a certain precision.


Rounding drastically reduces the search space of possible values. A cryptographic hash is no good if you know that the original message can only take on a finite set of values that can easily be enumerated.
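
Added example, not part of any comment in the thread: a toy model of the "hash of rounded measurements" idea, showing both objections raised above (similar inputs stop matching at a rounding boundary, and the rounded space can be enumerated). The four-measurement, 32-level template, the sample readings and all function names are assumptions for illustration, not how TouchID or FaceID work.

```python
import hashlib
from itertools import product

# Assumed toy template: 4 measurements, each rounded to an integer 0..31.
DIMS, LEVELS = 4, 32

def quantize(raw):
    """Round each raw measurement to the nearest integer, clamped to range."""
    return tuple(min(LEVELS - 1, max(0, round(x))) for x in raw)

def template_hash(raw):
    """SHA-256 over the rounded measurements, as proposed in the thread."""
    return hashlib.sha256(bytes(quantize(raw))).hexdigest()

def search_space():
    """Number of distinct rounded templates that can exist."""
    return LEVELS ** DIMS

def recover(stored_hash):
    """Enumerate every possible rounded template until one matches the hash."""
    for tries, cand in enumerate(product(range(LEVELS), repeat=DIMS), 1):
        if hashlib.sha256(bytes(cand)).hexdigest() == stored_hash:
            return cand, tries
    return None, search_space()

# Constructed sample readings (not real biometric data).
ENROLLED = (12.4, 7.1, 25.3, 3.0)
SAME_FACE_CLOSE = (12.3, 7.2, 25.1, 3.1)   # rounds to the same grid point
SAME_FACE_EDGE = (12.6, 7.1, 25.3, 3.0)    # 0.2 off, crosses a rounding boundary

if __name__ == "__main__":
    stored = template_hash(ENROLLED)
    # Exact-match hashing only tolerates noise that stays inside one grid cell.
    print("matches close reading:", template_hash(SAME_FACE_CLOSE) == stored)
    print("matches edge reading: ", template_hash(SAME_FACE_EDGE) == stored)
    # The hash hides nothing when every possible input can be tried.
    cand, tries = recover(stored)
    print(f"recovered {cand} after {tries} of {search_space()} guesses")
```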



