We all know passwords are rubbish. We pick short ones, simple ones, easy ones; we never change them, we use our birthdays, children’s names, pets’ names, postcodes; and then we write them down on post-it notes and stick them to the screen. We think we’re clever when we use a password manager – right up to the point where that gets hacked and all our passwords get published to FacePoke in one fell swoop.
What we need is something unique to us that we don’t have to remember or write down, that is always on our person and that will never change. Like a fingerprint. Lots of phones and laptops now have fingerprint scanners. That must be better. Except that’s worse.
Let’s recap on the qualities of a good password.
Good passwords are:
Secret. Your fingerprint isn’t secret. You leave it everywhere. I pick up your used wine glass, I can lift your fingerprint. Fingerprint scanners are easily hacked with a print bulked up with latex spray. Or modelling glue. You can lift fingerprints off all kinds of things; keyboards, smartphone screens (e.g. the fingerprint scanner itself), wood, glass, door handles, paper, magazine and book covers. Someone even extracted a print out of a high-res photo. From a press conference. Which is why your grandmother told you it was bad to wag your finger at people. While she wagged her finger at you.
Revocable. If your password is compromised, you can revoke it and choose a new one. You can’t easily revoke your fingers and get some new ones. A fingerprint is for life. Uniqueness and immutability are the very reasons fingerprints are used in criminal investigations. However, once your fingerprint is compromised, it will unlock any fingerprint-secured device you own now or at any time in the future. It’s no help if you join the criminal types dipping their fingertips in acid to erase their fingerprints, because then you don’t have any fingerprints at all.
Encrypted. You can encrypt passwords with an extra level of hashing. Passwords are very closely constrained sets of values, so a hashing algorithm can disguise them and reveal them very reliably, which makes for very strong and hard-to-crack passwords that can be stored in a database as a tiny string of digits. Fingerprints, however, are remarkably imprecise, subject to all manner of variable conditions. Fingerprint matching works on a sliding scale of certainty. There’s a wide margin of error based on partial prints and a number of internal and external conditions, such as blood pressure, moisture, surface pressure, dust, grease, the touched surface texture; expert humans and software achieve a high rate of successful matching based on a number of different points of comparison. Using the un-tampered original fingerprint. Which has to be rendered as a picture – more like a map, really. A big, slow lump of binary data. It takes a long time to apply a decent level of encryption to that.
A fingerprint with a flaw, such as dirt, or a cut can still be matched by eye, even by machine; but not if you try to hash-encrypt it. If you are only using a hashed value representing that fingerprint, any flaw will introduce a hashing variation that means two hashed prints of the same finger taken at different times will never match. Hashing variations snowball, depending on the hashing algorithm you use. Unlike multiple points of comparison, the hash either matches the source or it doesn’t. And without hashing, you’re back to using the unaltered, original print.
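To see the all-or-nothing hash against the sliding-scale match side by side, here is an added example (not part of the original post). The minutiae points, the tolerances and the 0.75 threshold are all constructed assumptions, and the toy matcher stands in for a real fingerprint algorithm only to show the principle.

```python
import hashlib
import math

# Constructed sample data: minutiae as (x, y, ridge angle in degrees).
ENROLLED = [(12, 40, 90), (55, 18, 30), (70, 66, 145), (33, 81, 210),
            (90, 25, 300), (48, 52, 15), (21, 13, 250), (77, 90, 180)]
# Same finger, later scan: small shifts, and one point lost to a cut.
LATER_SCAN = [(13, 41, 92), (54, 18, 28), (71, 65, 147), (33, 80, 212),
              (91, 26, 298), (48, 53, 17), (22, 13, 249)]
# A different finger (constructed).
OTHER_FINGER = [(5, 95, 10), (60, 60, 200), (15, 70, 330), (85, 5, 120),
                (40, 30, 75), (95, 50, 260), (28, 58, 160), (66, 12, 45)]


def template_hash(minutiae):
    """SHA-256 over a canonical (sorted) encoding of the template."""
    data = ";".join(f"{x},{y},{a}" for x, y, a in sorted(minutiae))
    return hashlib.sha256(data.encode()).hexdigest()


def hash_match(enrolled, probe):
    """All-or-nothing: the digests are equal or they are not."""
    return template_hash(enrolled) == template_hash(probe)


def match_score(enrolled, probe, dist_tol=3.0, angle_tol=10):
    """Fraction of enrolled minutiae with a probe point within tolerance."""
    unused = list(probe)
    hits = 0
    for ex, ey, ea in enrolled:
        for p in unused:
            px, py, pa = p
            dang = abs(ea - pa) % 360
            dang = min(dang, 360 - dang)  # angles wrap around at 360
            if math.hypot(ex - px, ey - py) <= dist_tol and dang <= angle_tol:
                hits += 1
                unused.remove(p)  # each probe point may be used once
                break
    return hits / len(enrolled)


def fuzzy_match(enrolled, probe, threshold=0.75):
    """Sliding-scale decision: accept when enough points agree."""
    return match_score(enrolled, probe) >= threshold


if __name__ == "__main__":
    print("hash match:", hash_match(ENROLLED, LATER_SCAN))
    print("fuzzy score:", match_score(ENROLLED, LATER_SCAN))
```

The later scan of the same finger fails the hash comparison outright yet scores 7 out of 8 on the point comparison, which only works because the matcher has the original, unhashed template to compare against.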
So remind me again, why are all these hardware companies including fingerprint scanners? AJS