Experts Suggest That We Do Not Know How to Use Fingerprint Authentication Safely

When you got yourself a smart device capable of reading your fingerprint for authentication, you might have just gone through the setup without thinking much about your virtual security. Although you might believe that fingerprint authentication is the best way to identify yourself, cybersecurity experts are warning people that they might be misusing the feature. The thing is that Android and Apple users rely on fingerprint identification too heavily, and they forget about all other security measures. Whether you use Apple’s Touch ID or Android’s Fingerprint security, you need to add another layer of authentication, and that is where most users stumble. They often choose passwords, patterns, and PINs that are weak and unreliable. If you rely on fingerprint authentication alone to keep your data safe, we suggest that you continue reading this report.

Cybersecurity experts do not want you to rely on fingerprint authentication alone

According to igadgetsworld.com, the first smartphone to ever offer a fingerprint sensor was Pantech GI10. This phone made it possible to use fingerprint authentication for login. However, it was iPhone 5S that introduced us to Touch ID in 2013, and Android offered its fingerprint scanning feature soon afterward. Folks were quick to adopt the new method of authentication, but we have been reminded time and time again that biometric authentication is not invincible. Just a couple of months ago, Galaxy s10 users were informed that pretty much anyone could bypass fingerprint login authentication using a screen protector.

In 2015, researchers at the University of British Columbia published a paper that discussed the correlation between the use of Touch ID and misuse of passcodes. It was determined that when Apple users added fingerprints for quicker identification, they often neglected the strength of passcodes. On top of that, users’ awareness of passcode strength suffered as well. Most were unable to determine what a strong passcode looked like, and many were not aware that they could go beyond just a 4-digit passcode.

When you first set up Touch ID on Apple or Fingerprint security on Android, you are supposed to enter your passcode. Whether that is a pattern, a password, or a pin code, you have to make sure that it is strong and cannot be breached by anyone willing to try it. This is where you need to start if you want to ensure that your smart device is always secure. Why should you bother with that if your fingerprint cannot be guessed like, for example, a password anyway? Well, both Android and Apple authenticators can randomly ask you to enter a passcode instead of using a fingerprint from time to time. If you fear that you could forget the passcode, you might decide that adding something simple – for example, 1234 or 000000 – is good enough, but it is not.

If the phone is set to unlock when the user authenticates themselves either with a passcode or a fingerprint, anyone could choose to go with the passcode. If the passcode combination is simple, it could be cracked. Thieves could also look over your shoulder to see what passcode you enter, and if they manage to snatch your device, they could unlock it without much trouble. Therefore, when you’re in public, opt for fingerprint authentication.

Fingerprints can be stolen, and once is enough

It is a myth that fingerprints cannot be stolen. Hackers have used malicious apps to scan them and even 3D printers to forge them. In 2019, the UK Metropolitan Police shared information about a data breach that allowed cybercriminals to access fingerprints, biometric information, usernames, passwords, and personal data of more than 1 million people. This information was primarily used to identify people entering buildings, and it had nothing to do with smartphones. That being said, the researchers who were analyzing the breach concluded that they were able to add new accounts and modify existing accounts to add their own fingerprints, which made it possible for them to access the protected buildings as well.

On smart devices, fingerprints are stored locally, which makes them safer than passwords that are stored on servers, where they could be stolen. Unfortunately, researchers at New York University proved that biometric authentication systems on smartphones could be bypassed using artificial fingerprints. The worst part is that once your fingerprint is stolen, it’s stolen for good. Unlike a password, your fingerprint simply cannot be changed, and so if someone is able to steal it or replicate it, you might never feel safe using fingerprint authentication features again. Of course, using fingerprints is still safer than using weak passwords.

Your virtual security is in your hands

To conclude things, biometric authentication is not invincible, and you need to make use of all security measures available to you. We definitely believe that using fingerprint authentication is a terrific idea, but just because you use something that cybercriminals cannot steal as easily as passwords, it does not mean that you can neglect everything else. It is crucial that you set up strong passcodes or passwords to access your device. That means that you want to ditch your 1234 and 000000 pin codes. Do not use the minimum character/number length available. Instead, opt for the maximum length. If you are afraid of forgetting your passcodes, consider employing a reliable password management tool. Do NOT reuse the same combinations for other accounts and devices. Also, if you face data breaches, make sure you change your passcodes quickly.

Since there is a greater risk of having passwords/passcodes breached, we strongly recommend doubling down on fingerprint authentication. Did you know that you can add fingerprint authentication to apps on your devices? For example, on Samsung devices, you can use the Secure Folder feature to lock apps and files that are most sensitive. That way, if someone guesses or cracks your passcode, hopefully, they will not be able to access photos, notes, calendars, and other sensitive information. Many of the popular smartphone creators offer the option to add fingerprint authentication to apps, and you should really make use of this feature. To double down on password security, do not forget to enable two-factor authentication whenever that’s possible. If you want to learn more about what you can do to ensure smartphone security, continue reading here.

By Foley
February 4, 2020
Computer Security
English
February 4, 2020
Computer Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

News

If You Are Using Fingerprint Authentication on a Nokia Phone, You Might Want to Switch Back to a Password

The theory suggests that competition as fierce as the one we see in the mobile device market will result in products with top-notch quality and great prices. In reality, however, things don't always work out that way.... Read more

April 24, 2019
News

Hackers Are Using 3D Printers to Forge Fingerprints

Biometric authentication should definitely be a step up towards a reliable Identity and Access Management (IAM). The idea is that one can use a unique security token that no one else has. Perhaps the most common... Read more

May 10, 2019
Password Security

The Differences Between Two-Factor Authentication and Multi-Factor Authentication

No doubt those who have seen Perfect Strangers by Paolo Genovese realize how sensitive the information accessible through our mobiles, computers, social media accounts, etc. is, however, unlike in the film, there are... Read more

July 18, 2018
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.