As we move toward a future where fingerprints might possibly replace passwords, I see one issue. While passwords can be stolen, they can be changed by the owner after being notified of the security breach. Fingerprints, however, can be stolen but can't be changed. In this future, what happens if someone's biometric data is stolen? You can't very easily change your fingerprints.

Timothy Deng
  • In addition, we expect people to do serious research on their own before asking, and to show us what they've done. There's a lot that has been written on this subject; you should try doing some searching on this topic before asking. For instance, have you tried Bruce Schneier's blog and books? Have you read through Wikipedia? Have you read standard introductions to biometrics, e.g., in Ross Anderson's Security Engineering book? – D.W. Apr 16 '14 at 01:36
  • 1
    [Fingerprints are not the same as passwords.](http://www.cs.cornell.edu/courses/cs513/2005fa/nnlauthpeople.html) They cannot be changed, that's why we usually have multiple-factor authentication. Your wife recognizes you because of your face, what would happen if someone made a mask of it? She might go on to ask about your anniversary and he wouldn't know the right date. Oh wait... – rath Apr 16 '14 at 03:37
  • Biometry can only be used as local authentication. Since it's not secret, it relies on the presence of trusted hardware which can tell apart a fake piece of hardware for real fingers/eyes/etc. – CodesInChaos Apr 16 '14 at 08:59
  • There has been some work where your biometric is used as your public key. Then it doesn't matter if your biometric data is stolen as that is your public key. It uses IBE under the hood and some other things to deal with the fuzziness of biometrics. – mikeazo Apr 16 '14 at 15:14
  • 1
    [This](http://technet.microsoft.com/en-us/library/cc512578.aspx) is a nice article on this issue. – DrLecter Apr 16 '14 at 16:15

1 Answer

The answer depends a lot on your use case. Are you using a biometric to authenticate yourself to a remote HTTP server? Then if someone steals a binary representation of your biometric, they will be able to log in as you. This is why we like moving to 2-factor authentication instead of a single factor.

An example would be something you are (your fingerprint, or a digital representation of it) and something you know (your password).

If you are doing local authentication, the story is a little different. The attacker's options are: cut off your finger and take it with them (see Minority Report, where he used eyes instead of fingers), get a scan of your finger and try to replicate it on something the scanner will be able to read, or connect something between the reader and the computer doing the processing.

Even for local authentication, 2-factor authentication is often used. Your fingerprint scan might pull up a picture of you on the security guard's computer. Or a fingerprint and a PIN.

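The answer's point that a stolen binary template lets someone log in as you, and the comments' point that a biometric is not a secret, both follow from one property: a fresh scan is never bit-identical to the enrolled template, so a matcher cannot store the template as a one-way hash the way a password is stored. The following Python is an added example, not code from the question or any answer. Everything in it is constructed: the "fingerprint" is a random 256-bit template, a "scan" is that template with some bits flipped to mimic sensor noise, the threshold matcher and the account record are invented stand-ins for a real minutiae matcher. It shows why hashing the biometric fails on a genuine scan, why an exact copy of the template replays cleanly against a biometric-only check, and how adding a knowledge factor (the answer's "something you know") stops a replay by someone who has only the template. The public-key/IBE constructions mentioned in the comments are not modelled here.

```python
"""Constructed demo: why a stored biometric template is not a rotatable secret.

Added example, not from the original page. All data below is made up:
templates are pseudo-random bytes, scans are templates with bits flipped,
and the account record is invented.
"""
import hashlib
import hmac
import os
import random

TEMPLATE_BYTES = 32        # 256-bit constructed template
MATCH_THRESHOLD = 0.15     # max fraction of differing bits the matcher accepts
PBKDF2_ROUNDS = 100_000    # work factor for the knowledge factor (PIN) hash


def constructed_template(seed: int) -> bytes:
    """Deterministic pseudo-random template standing in for a real minutiae set."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(TEMPLATE_BYTES))


def noisy_scan(template: bytes, flipped_bits: int, seed: int) -> bytes:
    """Simulate a sensor read: flip `flipped_bits` distinct bit positions."""
    bits = bytearray(template)
    for pos in random.Random(seed).sample(range(8 * len(bits)), flipped_bits):
        bits[pos // 8] ^= 1 << (pos % 8)
    return bytes(bits)


def hamming_fraction(a: bytes, b: bytes) -> float:
    """Fraction of bit positions at which two equal-length templates differ."""
    differing = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return differing / (8 * len(a))


def biometric_matches(enrolled: bytes, presented: bytes) -> bool:
    """Threshold matcher: accept when the scan is 'close enough' to enrolment.
    Note it needs the enrolled template in the clear (or reconstructible)."""
    return hamming_fraction(enrolled, presented) <= MATCH_THRESHOLD


def hashed_exact_match(enrolled_hash: bytes, presented: bytes) -> bool:
    """Password-style check: only true when the scan is bit-identical."""
    return hmac.compare_digest(enrolled_hash, hashlib.sha256(presented).digest())


def pin_record(pin: str, salt: bytes) -> bytes:
    """Salted PBKDF2 record for the PIN; a knowledge factor CAN be stored hashed."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)


def login(account: dict, presented: bytes, pin: str) -> bool:
    """Two-factor check: something you are AND something you know."""
    if not biometric_matches(account["template"], presented):
        return False
    candidate = pin_record(pin, account["pin_salt"])
    return hmac.compare_digest(candidate, account["pin_hash"])


def demo() -> dict:
    """Run the scenarios from the thread and return the outcome of each."""
    template = constructed_template(seed=1)
    salt = os.urandom(16)
    account = {"template": template, "pin_salt": salt,
               "pin_hash": pin_record("4931", salt)}           # constructed PIN
    scan = noisy_scan(template, flipped_bits=20, seed=2)        # ~8% sensor noise
    stolen = bytes(template)                                    # exact copy taken from the matcher's store
    return {
        # a genuine scan fails a hash comparison but passes the threshold matcher
        "fresh_scan_hash_check": hashed_exact_match(hashlib.sha256(template).digest(), scan),
        "fresh_scan_threshold_check": biometric_matches(template, scan),
        # a copied template replays perfectly against a biometric-only check
        "stolen_template_biometric_only": biometric_matches(template, stolen),
        # with a second factor the copy alone is not enough
        "stolen_template_with_wrong_pin": login(account, stolen, "0000"),
        "stolen_template_with_pin": login(account, stolen, "4931"),
        # an unrelated finger differs in roughly half its bits and is rejected
        "unrelated_finger": biometric_matches(template, constructed_template(seed=99)),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:34} {outcome}")
```

The threshold matcher is the crux: because it must tolerate noise, the server keeps something from which a matching input can be derived, and that stored value is exactly what a breach exposes. Rotating a PIN after a breach is a salt-and-rehash away; the template has no equivalent, which is why the answer pairs the biometric with a factor that can be reset.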
  • Thank you for your answer! I'm more confused on the use of fingerprints in general now, however. If they can be replicated and not changed and are stolen, two factor authentication seems to solve that problem, but then I do not see the point of the fingerprint at all. Why not stick with the current two factor authentication where if a phone or password is stolen or forgotten, it can be reset or replaced? Why use biometrics at all? Just one security breach would reveal your identity to the world. Why would we ever want to use an immutable factor in any type of authentication? – Timothy Deng Apr 18 '14 at 08:41
  • @TimDeng I think those are all valid questions that system designers should ask themselves. I think biometrics for authentication became popular because of how cool it sounds. Just scan your finger or eye and you get access. I see some use for them in local authentication with a tamper-resistant sensor (then you'd physically have to remove someone's finger or eye or construct a very good prosthetic). – mikeazo Apr 18 '14 at 11:40