I’ll list the reasons why using fingerprints as passwords is bad.
- You only have 10 of them (assuming you don’t use your feet’s)
- Once one is stolen from a device or server, it’s not like you can change it, but it’s gone forever
- Someone, without reaching extremes like chopping fingers off, could just force your fingertip onto the reader.
Yes, TouchID is nice and cool and convenient, but the idea of using my body as a password is creepy. Yes, it’s not like there’s a picture of your fingerprint stored somewhere, and yet there is some data derived from it instead, maybe a cryptographic hash.
A good old password that is only in my brain is so much better and safer (for now, at least).
Now, let’s talk about iris identification…