Whats with the sudden urge of "all phones need a fingerprint scanner" bullshit?

>I'm implicitly assuming that the Italian government fingerprints people and then just keeps them on file for things like murder investigations. As opposed to having you put your finger on a reader to access government services
Correct.

>Well the thing is now you've turned your fingerprints into something that's actively used to authenticate you against something. In other words, you've made them worth stealing. The more stuff your fingerprint unlocks, the more worthwhile it is to try and compromise it.
So the danger is hackers stealing it (from wherever) because they want to unlock my devices and accounts (which they wouldn't do if I hadn't used it anywhere)?

Now that you make me think of it this way, the fingerprint is basically a master password that's embedded in your body, and the more things you use it for, the higher the chances of it being compromised, and once it's compromised it's gonna stay that way forever because you can't change it.

Honestly out of all the botnet things to be angry at I don't know if I would consider this one of them.

I personally hate having to unlock my phone all the time because it's just such a pain in the ass and wastes time. I'd love to get a phone with a finger print scanner because it secures my phone to me in a lot better way, and so if it gets swiped I don't have to worry about it. I can instantly unlock my phone and that's that.

So what if google has your fingerprint? They probably have more important information if you're using a lagdroid anyways. I still see the arguments against, I just don't know if this is the one botnet feature that needs to be put undert the microscope when your phone is always listening to you and sending your other more sensitive personal info to google

>My government (Italy) ready has my fingerprints. What reasons should I have for not wanting a fingerprint reader on my devices?
Well that seems to be enough of a reason. So they can access your device if you only use fingerprint as authentication.

>Now that you make me think of it this way, the fingerprint is basically a master password that's embedded in your body, and the more things you use it for, the higher the chances of it being compromised, and once it's compromised it's gonna stay that way forever because you can't change it.
This is exactly right. You can always generate a new password, but you get at most 10 fingers per lifetime.

Also this isn't relevant to you but in the US (where you're generally only fingerprinted when arrested or for certain government security checks) there's a dispute in appellate courts over whether the government can compel you to reveal passwords, but there's little doubt they can force you to give a fingerprint. (this arising because of the Fifth Amendment's prohibition on the government demanding that you testify against yourself. Putting your finger on a reader isn't testifying, but revealing a memorized password arguably is. This isn't settled since it hasn't been to the Supreme Court yet.)

apple did it

It's convenient and secure as fuck, opposed to face recognition. What's not to like? Also, it doesn't scan your whole finger, it just searches for patterns.

It could be, I don't really know desu.
I'll look into it.

Yeah, heard about that.
It's funny that I spend so much time on the Internet that I know much more about the American justice system than I do of my country's.

>and secure as fuck
Except that fingerprint sensors from phones are not secure at all. That's why they are so fast. They trade security for convenience. They don't look at the whoile fingerprint, they unlock the phone only if a portion of the registered fingerprint is given to them, which makes them less secure. That's one reason why they ask multiple inputs upon setting them up. While our fingerprints are considered to be unique as a whole, the same can not be said about just a portion of it. The portion that is enough to unlock one of those phones.

>all phones need a fingerprint scanner
Wouldn't know. The only people I ever hear complaining about a lack of a fingerprint scanner are a few Sup Forums posters. But Sup Forums will complain about anything, like Newpipe not having comments or subscriptions. We don't need useless features.

Here in the US, the only reason for the government to have your fingerprint is if you get arrested or you work for them. The average citizen never runs into a situation where they would end up getting fingerprinted.

That's dumb as f...
>Femanon
This explains a lot.

law enforcement can compel you to unlock something with your fingerprint without a warrant

Look it up and see for yourself. That's how fingerprint sensors on phones work. They just need a portion of the fingerprint to match in order to unlock the phone.

>she thinks that matters
Quit being dumb ffs
Science majors manage to be worse than engineers, ffs

Using any form of authentication that cannot be changed but can be stolen is idiotic.

Claiming that fingerprint sensors are secure is wrong. They aren't. They provide piss poor security by any means.

Well, go ahead and crack a fingerprint sensor without access to the finger itself.
I'll wait.

>his phone doesn't have two factor auth
shit, nigga, what are you doing?

Why does our government has your fingerprints?
Are you an ex con or something?

>you will never see her naked tits
why even

>without access to the finger itself.
you are leaving your fingerprints on hundreds of objects every day

Are you retarded? Matching partial fingerprints is not that hard. There was a study about it recently.

ieeexplore.ieee.org/document/7893784/?reload=true

I don't have any interest in doing that. But someone (or something) who has enough interest will do it.

>what are documents

Dick scanner should be next

I was born here but my parents are immigrants.
When I reached a certain age (IIRC 15) I had to register my fingerprints in order to renew my residence permit.

Not sure if regular citizens have to do it.

See above.

Apple sets standards, everyone else scrambles to copy them because they're worried about not being as good.

honestly fingerprint unlock is the easiest, fastest, and most secure way to unlock a phone.
yes, I know, the "no two fingerprints are alike" thing is bullshit but it's still nice security theater and it seems to work. no one has unlocked my phone with their fingerprint (yet).

I do NOT miss having to connect those fucking nine dots every time I want to unlock my phone. Don't miss it a single bit.

I just wish my phone had a hardware unlock slide button.
Like my old Nokia.

I don't give a shit about security because I look after my stuff.

In the case of iOS, at least, fingerprints are not sent to Apple. They're stored locally on the device's Secure Enclave, where nobody can get at them.

Except the Secure Element -- along with, I presume, its Android analogues -- carries a huge incentive to keep it secure as well. It's used not only for unlocking a phone, but also for financial transactions, which is a set of interests that always carries a boatload of laws, regulations, and lobbying muscle behind it.

>Now that you make me think of it this way, the fingerprint is basically a master password that's embedded in your body, and the more things you use it for, the higher the chances of it being compromised, and once it's compromised it's gonna stay that way forever because you can't change it.

Except periodic secondary checks exist -- on iOS, at least -- against other forms of verification, including device passcodes, account passwords, and 2FA measures. You act like they haven't thought this through.

Re: the 5A situation in the US, all you have to do is turn off your iPhone when the po-po knock on the door. TouchID cannot be used for the first unlock of an iPhone after a cold boot.

I punch in eight numbers every time I unlock my phone. I'm worried about the security of that, when I replace this phone I think I'll set the next one to a ten-digit PIN.

This

>Except periodic secondary checks exist -- on iOS, at least -- against other forms of verification, including device passcodes, account passwords, and 2FA measures. You act like they haven't thought this through.
Those don't really solve the problem.
I'm talking about someone having my fingerprint and being able to use it for something bad, and one it's compromised it's compromised forever.
While secondary checks can be temporarily compromised (until they get patched or the password is changed or something), your fingerprints only need to be compromised once, and can be used for many different purposes, which are not always foiled by secondary checks (if you're using your fingerprint for convenience purposes, they're not even going to be there most of the time).
Especially when we're talking about fingerprints used in the real world.

I imagine if all devices started having fingerprint scanners, someone could potentially write a malware that secretly scans your fingerprints and sends them to him. He could then place them on a crime scene to blame the crime on you.

There could even be some large-scale hack that steals millions of them from Apple or Google devices, and all those people's fingerprints would forever be compromised.

I mean, your fingerprints are so uniquely identifying, that you don't really want to take a chance.

I was already fingerprinted by DCFS because of shit my family dragged me into due to living with them, so getting those prints anyway would probably be trivial for a state/federal organization.

It allows me to have a strong lock screen/encryption password without the inconvenience of typing it out every time I want to unlock my phone.

it's a valid concern but you can beat this with two-factor authentication then if it really bothers you

Convenience. If you don't like it, don't use it or buy a phone without one. Or just don't buy a phone at all. Did you ever think of that?

You can disable AMT and Intel ME and all of that other shit on most ThinkPads by using ME Cleaner and installing Coreboot. Also replace any Intel or Broadcomm networking cards with ones that have open source firmware.

Use the number pin to unlock it. The fingerprint scanners have been hacked using the prints from pictures of people's hands. Secure my ass.

>Use the number pin to unlock it.
That's still slower than the fingerprint. Plus, if someone watches you put in that number, they can not only memorize it but tell others as well. This is why I liked the pattern lock. It's slower but harder to memorize and describe to others.
>The fingerprint scanners have been hacked using the prints from pictures of people's hands.
Oh, please. Don't be so noided. Do you know how much effort that shit takes? How many clear pictures of your fingerprints exist right now outside of government records? Are you a celebrity?

>The fingerprint scanners have been hacked using the prints from pictures of people's hands.
By the time I found a good enough picture of your fingers and created a 1:1 inductive replica of your print (god forbid it's the wrong one), I could have """hacked""" into your phone by then. It would be faster and easier, anyway. Besides, if someone steals your phone, they're way more likely to just wipe it and sell it on eBay for money rather than try to unlock it to get to all ur precious mp3 files.

Most companies run 2FA through... your phone. Which is what your fingerprint grants access to.

Moron users think they are convenient, secure, and cool. Whereas the govt. likes them because having you put your finger on a specific spot on your phone isn't as legally precarious as the whole legally compelling you to give up your passwords thing.

The government already has your fingerprint. They don't need you to unlock your phone.

The government doesn't really even need to unlock your phone anymore due to how cloud-based everything is. All they need to do is subpoena the companies you used to discuss murdering a guy and boom - you're in prison.

itt: paranoia and over-inflated views of ya worth

Goy, just look at how inconvenient typing a several digit passcode is! Quick, give us your biometric data!

seriously who tf do you think is going to want your fingerprints?

why do Sup Forumsiticians always have to make everything about Jews

One day you might make a few enemies, user

Correct me if I'm wrong here, but Android stores your fingerprints locally on your phone in some separate, encrypted part of the phone, right?

So they never actually get sent to Google, and cracking that encrypted part of the phone is almost impossible (at least on the Iphone if I remember correctly, I assume Android is similar).

So there isn't really a downside to using it on your phone as such, right?

Using it for other purposes of course increases the risk of it being compromised and all that.

It might not be impossible forever.

It's a great way to collect biometric data.

Of course, but encryption and security technology progresses constantly, just like the tech that is meant to crack it does. So right now, there isn't exactly anything wrong with using a fingerprint scanner on your phone since the chances of someone lifting it off of your phone are very low.

What data? I'm sure they collect some sort of usage data, but it's not like they collect your fingerprint itself, or anything identifying

>but it's not like they collect your fingerprint itself, or anything identifying
There are two types of fingerprint readers. One is an optical sensor which relays an image of the fingerprint to the OS. This is the cheapest type. The other type, like you'll find on a Thinkpad, stores and manages the fingerprint data internally, and merely sends a hash of the fingerprint itself to the OS when fingerprint authorization is required. It's more secure because the OS (or an attacker) can never recover the actual fingerprint itself.

le CIA wants your fingerprint xDDDD

They also hate it when you tape your webcam.

They don't necessarily progress at the same rate.
Breakthroughs in encryption are pretty rare nowadays compared to those in hacking, considering all the zero-days and backdoors that are constantly leaking.

Because obviously it's more likely than not that American agencies already have access to them, as they're known to work directly woth the OS devs.

Besides, hackers don't have to hack the already stored fingerprints if they can simply make the scanner record new ones for them.

Remember that your security has to protect you constantly and never ever slip up, because an attacker only has to succeed once for your fingerprints to be compromised for good.

I got one on the back of my Xiaomeme and it's just so comfy. My finger rests around that spot anyway so all I need to do to unlock my phone is to pick it up.

Yes, and I somehow doubt that Google allows the type that you mentioned first.

As far as I know, Apple uses the second type, and I assume that Android phones also use secure scanners. Feel free to prove me wrong though, because I'm actually curious about this and would like to know if my phone (Z5) uses a proper module.

Yeah, but I struggle to see how a hacker would get into my phone when I'm not doing anything special daily.
It's always a worry of course, but that's the risk you take I suppose.

Biometrics fails at at least one of the fundamental requirements for secure passwords- The ability to change your passwrod.

False. Ameribro here gave it to both US and Canadian government for Nexus.

It's convenient. I get there are ways for getting around it but it's good enough for my personal use phone. I used to not use a passcode since i locked amd unlocked it so often. Unfortunately most phones have retarded placement unlike my Z5 that has it on the power button.

It's difficult and unlikely, but it's still possible (especially if you're targeted specifically), so maybe today it may not be a realistic concern for you personally, but things will definitely change as fingerprint scanners start to get implemented everywhere.

It's up to you to decide if their convenience is worth it.

Yes.
I was talking about exactly that with the last paragraph.

Not entirely true. You can change the way it hashes the fingerprint or anything of that nature. The finger itself, is unique amd not bruteforcable, so I don't see why that rule would apply here. There are ways around that though so i recommend retinal scans.

As long as it prevents others from unlocking my phone if I leave it on my desk at work, it's secure enough. If it gets stolen, all data is going to be remotely wiped anyway.

Not to mention it can't be figured out by someone watching me or looking at screen smudges afterwards like patterns/PINs.

botnet

facebook wil have everyone fingerprints

>Google allows
Google doesn't control the stuff phone companies put on their phones user. Also Google is all about sucking up all your data.

Except they do.

In the guidelines they clearly state what has to be present, and what is "strongly advised", and so on. Google doesn't allow you to have Android on your phone if you don't follow the guidelines.

pic related are from the guidelines where they mention fingerprint sensors.

Those guidelines are only for if the scanner connects to third party software.

They don't appear to apply if it's just Google's botnet OS which is accessing the data.

Isn't there a US law or something that says if you use a fingerprint to unlock your phone they have the right to force you to unlock it, but if it's a pin or pattern password they can't do jack shit to you?

>and most secure way to unlock a phone
No, it's less secure than a 4 digit code. Fingerprint anything can be bypassed with a few readily available tools.

>Those guidelines are only for if the scanner connects to third party software.

Where does it say that? Seems to me like it applies to everything regarding the implementation of a fingerprint sensor on an Android phone running Android 7.0

>MUST have a hardware-backed keystore implementation, and perform the fingerprint
matching in a Trusted Execution Environment (TEE) or on a chip with a secure channel to
the TEE.

>MUST have all identifiable fingerprint data encrypted and cryptographically authenticated
such that they cannot be acquired, read or altered outside of the Trusted Execution
Environment (TEE) as documented in the implementation guidelines on the Android Open
Source Project site

This doesn't mention 3rd party apps at all, and is referring to the operation of the sensor itself. Now it COULD be argued that it doesn't control the hardware in this instance, just the software though.
However, the OS itself is not, at any time, accessing the biometric data, that data is stored separately on a separate part of the processor that doesn't interact with the rest of the OS. The way the phone handles it is that it gives an auth token to the phone that says a fingerprint has been identified and gives the auth token with no actual fingerprint data itself. Pic related once again.

However, in the other parts of the document there are definite hardware requirements, IF the manufacturer wants to implement that particular hardware feature.

>Where does it say that?
Right in the preamble to section 7.3.10, in your image.