Experts Suggest That We Do Not Know How to Use Fingerprint Authentication Safely

When you got yourself a smart device capable of reading your fingerprint for authentication, you might have just gone through the setup without thinking much about your virtual security. Although you might believe that fingerprint authentication is the best way to identify yourself, cybersecurity experts are warning people that they might be misusing the feature. The thing is that Android and Apple users rely on fingerprint identification too heavily, and they forget about all other security measures. Whether you use Apple’s Touch ID or Android’s Fingerprint security, you need to add another layer of authentication, and that is where most users stumble. They often choose passwords, patterns, and PINs that are weak and unreliable. If you rely on fingerprint authentication alone to keep your data safe, we suggest that you continue reading this report.

Cybersecurity experts do not want you to rely on fingerprint authentication alone

According to, the first smartphone to ever offer a fingerprint sensor was Pantech GI10. This phone made it possible to use fingerprint authentication for login. However, it was iPhone 5S that introduced us to Touch ID in 2013, and Android offered its fingerprint scanning feature soon afterward. Folks were quick to adopt the new method of authentication, but we have been reminded time and time again that biometric authentication is not invincible. Just a couple of months ago, Galaxy S10 users were informed that pretty much anyone could bypass fingerprint login authentication using a screen protector.

In 2015, researchers at the University of British Columbia published a paper that discussed the correlation between the use of Touch ID and misuse of passcodes. It was determined that when Apple users added fingerprints for quicker identification, they often neglected the strength of passcodes. On top of that, users’ awareness of passcode strength suffered as well. Most were unable to determine what a strong passcode looked like, and many were not aware that they could go beyond just a 4-digit passcode.

When you first set up Touch ID on Apple or Fingerprint security on Android, you are supposed to enter your passcode. Whether that is a pattern, a password, or a PIN code, you have to make sure that it is strong and cannot be breached by anyone willing to try it. This is where you need to start if you want to ensure that your smart device is always secure. Why should you bother with that if your fingerprint, unlike a password, cannot be guessed anyway? Well, both Android and Apple authenticators can randomly ask you to enter a passcode instead of using a fingerprint from time to time. If you fear that you could forget the passcode, you might decide that adding something simple – for example, 1234 or 000000 – is good enough, but it is not.

If the phone is set to unlock when the user authenticates themselves either with a passcode or a fingerprint, anyone could choose to go with the passcode. If the passcode combination is simple, it could be cracked. Thieves could also look over your shoulder to see what passcode you enter, and if they manage to snatch your device, they could unlock it without much trouble. Therefore, when you’re in public, opt for fingerprint authentication.

Fingerprints can be stolen, and once is enough

It is a myth that fingerprints cannot be stolen. Hackers have used malicious apps to scan them and even 3D printers to forge them. In 2019, the UK Metropolitan Police shared information about a data breach that allowed cybercriminals to access fingerprints, biometric information, usernames, passwords, and personal data of more than 1 million people. This information was primarily used to identify people entering buildings, and it had nothing to do with smartphones. That being said, the researchers who were analyzing the breach concluded that they were able to add new accounts and modify existing accounts to add their own fingerprints, which made it possible for them to access the protected buildings as well.

On smart devices, fingerprints are stored locally, which makes them safer than passwords that are stored on servers, where they could be stolen. Unfortunately, researchers at New York University proved that biometric authentication systems on smartphones could be bypassed using artificial fingerprints. The worst part is that once your fingerprint is stolen, it’s stolen for good. Unlike a password, your fingerprint simply cannot be changed, and so if someone is able to steal it or replicate it, you might never feel safe using fingerprint authentication features again. Of course, using fingerprints is still safer than using weak passwords.

Your virtual security is in your hands

To conclude, biometric authentication is not invincible, and you need to make use of all security measures available to you. We definitely believe that using fingerprint authentication is a terrific idea, but just because you use something that cybercriminals cannot steal as easily as passwords, it does not mean that you can neglect everything else. It is crucial that you set up strong passcodes or passwords to access your device. That means that you want to ditch your 1234 and 000000 PIN codes. Do not use the minimum character/number length available. Instead, opt for the maximum length. If you are afraid of forgetting your passcodes, consider employing a reliable password management tool. Do NOT reuse the same combinations for other accounts and devices. Also, if you face data breaches, make sure you change your passcodes quickly.
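The passcode advice above, sketched as an added example (not code from the original article): a Python check that flags the kinds of passcodes the article warns about, such as 1234 and 000000, and reports an upper bound on how hard the passcode is to guess. The function names, the 6-character minimum and the list of patterns are assumptions chosen for illustration.

```python
import math

# Assumed policy floor for this example; the article only says to go beyond 4 digits.
MIN_LENGTH = 6

def _is_run(code):
    """True for digit runs such as 1234, 4321 or 7890 (step of +1 or -1, wrapping at 0)."""
    if not code.isdigit() or len(code) < 3:
        return False
    steps = {(int(b) - int(a)) % 10 for a, b in zip(code, code[1:])}
    return steps in ({1}, {9})

def _is_repeated_block(code):
    """True when the code is one shorter block repeated, e.g. 000000, 1212, 123123."""
    n = len(code)
    return any(n % k == 0 and code == code[:k] * (n // k) for k in range(1, n // 2 + 1))

def _alphabet_size(code):
    """Size of the character set the passcode draws from."""
    size = 0
    if any(c.isdigit() for c in code): size += 10
    if any(c.islower() for c in code): size += 26
    if any(c.isupper() for c in code): size += 26
    if any(not c.isalnum() for c in code): size += 32  # rough count of ASCII symbols
    return size

def audit_passcode(code, min_length=MIN_LENGTH):
    """Return the weaknesses found and an upper bound on guessing difficulty in bits."""
    findings = []
    if len(code) < min_length:
        findings.append("too short")
    if _is_repeated_block(code):
        findings.append("repeated pattern")
    if _is_run(code):
        findings.append("sequential digits")
    if code.isdigit() and len(code) == 4 and 1900 <= int(code) <= 2099:
        findings.append("looks like a year")
    # Upper bound only: it assumes every character was chosen at random,
    # which a patterned passcode never achieves.
    bits = round(len(code) * math.log2(_alphabet_size(code)), 1) if code else 0.0
    return {"findings": findings, "max_bits": bits}
```

A passcode with any finding should be replaced regardless of its `max_bits` value, because pattern-based guesses are tried first.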

Since there is a greater risk of having passwords/passcodes breached, we strongly recommend doubling down on fingerprint authentication. Did you know that you can add fingerprint authentication to apps on your devices? For example, on Samsung devices, you can use the Secure Folder feature to lock apps and files that are most sensitive. That way, if someone guesses or cracks your passcode, hopefully, they will not be able to access photos, notes, calendars, and other sensitive information. Many of the popular smartphone creators offer the option to add fingerprint authentication to apps, and you should really make use of this feature. To double down on password security, do not forget to enable two-factor authentication whenever that’s possible.

February 4, 2020
