Comment on Stop Using Your Face or Thumb to Unlock Your Phone
chrash0@lemmy.world 2 months agoit’s an analogy that applies to me. tldr worrying about having my identity stolen via physical access to my phone isn’t part of my threat model. i live in a safe city, and i don’t have anything the police could find to incriminate me. everyone is going to have a different threat model. some people need to brick up their windows
Boozilla@lemmy.world 2 months ago
Assuming the phone’s security works as intended, what you’re saying is true. However, it’s a legit concern that the security is not airtight, and physical access is not actually required to harvest your biometric data.
I know the phone manufacturers make all sorts of claims about how secure biometric data is, but they have a profit motive to do so. I’m not being brick-up-my-windows paranoid by pointing out all the security failures and breaches we’ve seen over the years. Companies that have billions on the line are still frequently falling short at securing their own assets, much less their customer’s data.
I understand biometrics are convenient, and many folks love the ease / coolness factor of using them. Just don’t kid yourself that it’s secure by requiring your physical phone. Once the dark web has a digital copy of your biometric data, it’s compromised forever.
Cupcake1972@mander.xyz 2 months ago
First provide proof that you can pull out biometric data out of a secure element in a phone.
Boozilla@lemmy.world 2 months ago
en.wikipedia.org/wiki/Jan_Krissler?wprov=sfla1
ricecake@sh.itjust.works 2 months ago
That’s not retrieving the biometric data from the device, that’s retrieving the biometric data from surveillance or physical interaction.
It’s quite specifically the type of threat that most people do not need to worry about.
chrash0@lemmy.world 2 months ago
like i said, it’s more of a username than a password