- We should have been ready for this, with all the passwords being leaked in 2015/2016
- It affects US Government employees that were part of the OPM hack
- Fingerprints, as you’ll see below, are much less secure than we think.
Where are your fingerprints stored?
- On any mobile phone you ever used with a fingerprint sensor on it.
- In the databases of the manufacturer of any phone with a fingerprint sensor you used (if you used the sensor). Possibly distributed across multiple continents – even in countries which may not respect your country’s laws on privacy if something nasty happens (you know – one of the multiple government collapses we’ve seen could be an example).
- On any computer with a fingerprint sensor where you had it configured.
- In every government database which has collected it, ever (such databases are regularly breached – let’s remember the OPM hack, the Turkish citizenship database hack and many others, too many to list here).
- Anything you ever touched contains your fingerprint. And you protect your closest secrets with something which is literally left on anything you touch.
Let that sink in for a moment.
- In the future, more and more systems will rely on biometric authentication. And fingerprints are probably the worst (point 5 above).