this post was submitted on 28 Apr 2024
388 points (83.4% liked)

Technology

59390 readers
3596 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 31 points 6 months ago (25 children)

I've avoided willingly using biometrics so far. Though I'm sure our faces, gaits, body shapes, etc, are all stored somewhere, willingly or not.

Say no to biometrics. It's like having a password you can never change.

[–] [email protected] 36 points 6 months ago (8 children)

So, it really depends on your personal threat model.

For background: the biometric data doesn't leave the device, it uses an on-device recognition system to either unlock the device, or to gain access to a hardware security module that uses very strong cryptography for authentication.

Most people aren't defending against an attacker who has access to them and their device at the same time, they're defending against someone who has either the device or neither.

The hardware security module effectively eliminates the remote attacker when used with either biometric or PIN.
For the stolen or lost phone attack, biometric is slightly more secure, but it's moot because of the pin existing for fallback.

The biggest security advantage the biometrics have to offer is that they're very hard to forget, and very easy to use.
Ease of use means more people are likely to adopt the security features using that hardware security module provides, and that's what's really dialing up the security.

Passwords are most people's biggest vulnerability.

[–] [email protected] 1 points 6 months ago (7 children)

I've read all this before. If you believe the people who designed and implemented the device and its myriad layers of firmware and software were 1. All acting in good faith and 2. Knew WTF they were doing... then: yes, sure.

Unfortunately that's way too many strangers for me. Hundreds of people design and code these things. Meanwhile, every week there's a clever new breach somewhere.

[–] [email protected] 4 points 6 months ago (1 children)

If you're that afraid if the people who build phones, why are you ok with using any device that can access the internet?

[–] [email protected] 0 points 6 months ago (2 children)

I like how being cautious with my biometric data is beung framed as irrational fear and paranoia. As if ID theft never happens.

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago)

You should be more worried about your local doctor's office contracting some cheap-ass company to handle your data and ending up in a branch than being concerned about biometrics.

Or hell, Experian had that insane breach of basically everyone's information years ago. Biometrics are not the problem, it's smaller companies that you have to deal with all the time skimping on security because they think they can't afford it.

And then companies even more shady than Google and Apple and Samsung (loan companies, health systems contractors, banks, credit card companies, insurance companies) have all your data and are more likely to be involved in a data breach.

[–] [email protected] 0 points 6 months ago

Using biometric data to unlock your phone does not make you more vulnerable to petty criminals.

load more comments (5 replies)
load more comments (5 replies)
load more comments (21 replies)