Mathematically, how much more secure is fingerprint compared to textual passwords? Like is there any detailed mathematical analysis?
- Fingerprints _more_ secure than passwords? Uhh, I can lift your fingerprint off your phone screen and use it to get into your iPhone. Easy. Mathematically, that's 0 security. – Mike Ounsworth Nov 21 '17 at 21:24
- The how much matters little; what matters more is that, mathematically, the quantity you refer to has a negative sign in front of it. – LSerni Nov 21 '17 at 23:44
- I think the anecdotal answer is this. For most people a fingerprint is safer, because nobody can look at your fingerprint over your shoulder. However, if you're a person who may be targeted by advanced people a password would be safer because a password can't be lifted off a drinking glass. – Nate D Nov 22 '17 at 00:12
- Print-cloning aside, a fingerprint is less secure. It's much easier to cut off your finger compared to the time it can take to interrogate you for a password. – Overmind Nov 22 '17 at 12:15
1 Answer
Fingerprints are not supposed to be used on their own for authentication. The fact that many devices are starting to do that does not mean it is a good idea. In security, you should authenticate yourself with three different factors: something you have, something you know, and something you are. You can have a smart card, or an encrypted hard disk. You can know a secret password, a PIN, or a pattern. And you are a person with a fingerprint, a person with a particular typing pattern, or a person with a specific speech pattern. Often, people only use the latter two, for example a username (something you are) and a password (something you know). See these lecture notes. They explain this all very well.
A fingerprint is like a username. All a username does is allow authentication using a non-secret value so there is no issue with "error: this password is already taken". Less information is revealed when the message is "error: this username is already taken". This is the purpose of the username. But how is a fingerprint the same? A username is something easy to discover, usually it's plastered all around or simply a variation on a person's name. A fingerprint is the same. It is plastered all around. You don't need high-tech forensic equipment to pull a fingerprint off of anything. While some devices try to use slightly more advanced fingerprint scanners (e.g. using capacitance detectors to avoid being tricked by high-res photos of a fingerprint), they are still not all that good.
Finally, you asked how fingerprints compare mathematically. This cannot be answered because a fingerprint is not a mathematical value. You would have to see how the specific implementation of the fingerprint reader works. How many unique points on a fingerprint does it take into account? What is the variation among different populations for these specific points? With a password, the strength is simply the equivalent of the amount of entropy present in the password. Unlike fingerprints, passwords can be made truly random.
A fingerprint is a username that you don't have to type in every time.
 
    
