While fingerprint sensors might seem like a nifty way to shorten the steps to your next brilliant tweet and keep your buddy from punking your Facebook with a fake status update, they’re more likely to create a false sense of security, thanks to statements like this, from Apple Senior Vice President Dan Riccio, in the introductory video for the new iPhone 5s:
“Your fingerprint is one of the best passwords in the world. It’s always with you, and no two are exactly alike.”
Riccio is half-right. Your fingerprint is always with you, and no two are exactly alike. But that doesn’t make it one of the best passwords in the world. That actually makes it a potentially lousy password, says Gene Meltser, technical director for Chicago-based security firm Neohapsis Labs, because there’s nothing you can do to change it, to keep the cyberthugs guessing.
“All we have are 10 fingers,” Meltser told The Daily Beast. “That means we can only authenticate successfully 10 times. Once that data is compromised, we are for the rest of our lives unable to authenticate.”
We leave fingerprints everywhere, every day, all day long. Any goober can stick a piece of tape on a greasy thumb depression left on a soda can, peel it off, scan it into a computer, and figure out a way to trick a fingerprint sensor into letting him inside.
Passwords, on the other hand, are stored (or should be stored) only inside the brain. You don’t walk around all day slapping your PIN code on toilet seats and door handles. And even if you did do that, or you figured out someone had peeped over your shoulder and swiped your password, you could change it, and you’re back in Secureville.
If someone grabs your fingerprint, and that’s what you use to get into your phone, they’ll always have it. And unless you find some sweet 007 technique for burning your fingertips off and creating a whole new set, you will not be able to do anything to set a “new” password.