Tell me about fingerprint sensors, Sup Forums

Tell me about fingerprint sensors, Sup Forums.
Are they riskier than normal passwords? More secure? Am I giving the government my fingerprint by using one on Android/iOS/Windows/MacOS? Is it a deal breaking feature in modern smartphones, or is it completely useless?

The government has back doors in almost everything so to them it is probably the same as a regular password, if not easier.

In terms of usability it isn't a meme, it is a genuinely nice feature that many people want on phones. Sometimes it is a dealbreaker to not have one.

...

Riskier. They can open them by obtaining your fingerprint. Passwords have to be cracked, or backdoors have to be opened, court orders obtained, etc. Both take much longer than some investigator or border agent pulling up your fingerprint from the DMV records.

I hate to be 'that guy' but it's a botnet lad. also they can still be duped either from forensics or cutting off your fingers.

fingerprints are usernames, not passwords

>>>/reddit/

More convenient, but if you're ever detained detained, it's a lot easier (from a legal standpoint) to compel you to surrender your fingerprints than your password. So personally, I use it 90% of the time, but disable it under certain circumstances (e.g flying)

That is a neat idea tho. Didn't think of that...

Why is that reddit? That user isn't wrong, a fingerprint is an easily accessible identification that everyone technically can see/have access to.

The best method is probably keeping your phone itself locked with a pin/passcode and using fingerprint for everything when you're inside it. Bank of America lets you use a fingerprint sensor, for example, so it's safe to do that. As long as no one can get into your phone itself with your severed finger, you're safe.

Personally I go the other way round, fingerprint to get into the device, but everything locked down with different credentials per use case once inside. That way you compartmentalise any breach

It's not secure. The fingerprint is not 5th amendment protected

The problem is that, once someone has access to your device, you should assume that it's completely breached. There are a million ways for a government/hacker/other malicious entity to crack and circumvent specific passwords and logins, a billion exploits and 0days that can happen, but they're all rendered ineffective if they can't get past your lockscreen (assuming your device is encrypted, which it really should be).

If your fingerprints are leaked you can't change them

If your fingerprints get leaked, it's pretty easy to just change the login method to a password, assuming you know a leak happened. So really it's just the same as your password getting leaked.

Don't think you actually read my post famalam, good luck breaching accounts I sign out of immediately after use, and don't allow the device to remember my password for

>fingerprint for uid access then password to actually access
brilliant

No matter what you should have a password at boot, and possibly have a timeout for fingerprint (i.e. after five minutes you have to re-enter a pin or password). It's also not a bad idea to require a password before certain actions. God-teir would be the ability to unlock the phone with one finger and shut down/password lock/potentially wipe the phone with others.

You still need physical access to the device to use the fingerprint.

I don't think you read mine.

Just take a second and think about what I'm saying. The CIA, NSA, FBI, whatever, they probably don't even need your password to get into any accounts you have on your phone (Bank of America, Facebook, etc), and these are for the most part the only entities you need to worry about maliciously using your fingerprint. They don't need your password because there are, with 100% certainty, a multitude of exploits they can use to access those accounts, and if all else fails, they can just contact the service itself to gain access.
Therefore, no matter how you secure an app, you should assume that any significant entity has access to all your accounts when it's accessed. This is Cyber Security 101.

So, the only way to truly protect these services at all is by preventing the attackers from accessing your phone in the first place. They almost definitely can't exploit something if they 1. don't know it's there in the first place, and 2. can't access your files in the first place.

Essentially, break it down to the logic of a thief trying to steal a variety of things from a room. My method is installing a state of the art security system to prevent anyone from getting into the room by any means. If by some stroke of magic they made it into the room, then all hope is lost for other security anyways.
Your method is keeping the room very poorly locked, but locking each individual valuable item in the room with a different type of high security padlock in a small metal chest. Even if the thief couldn't break into any of the different locks right then and there, he can still steal them, take them home, and spend time fucking with them until he can break into them. It would've been smarter just to invest everything into a room that was impossible to open to begin with.

ignore everything everyone else has said and remember that biometrics cant ever be changed so if your fingerprint of irish get leaked (a photograph, your keyboard, or phone) it can be replicated and you cant exactly change your fingerprint like a password

dont be a idiot op

I read somewhere the chances of a fingerprint scan returning false positive is 1 in 10,000

I'm not saying your wrong, nor am I defending stupidly insecure finger prints, but do you have a source? I'd be pretty surprised for the technology to be that inconsistent.

you can cut someones finger off (its probably quite easy) and use that but you cant cut the password out of their brain

Why place your life in jeopardy when there are less dangerous ways to do the exact same stuff?