While I do respect that viewpoint, there’s a lot more independent scrutiny of the hardware modules than there are around the parts that would handle any other authentication mechanism you might use.
Just because something isn’t perfect doesn’t mean we should keep using the less good thing that it replaces.
Use the PIN if that’s more your cup of tea, just so long as you move away from passwords, since it’s the HSM that’s the protection, not the biometrics. Those are just to make it easier than passwords.
You should be more worried about your local doctor’s office contracting some cheap-ass company to handle your data and ending up in a branch than being concerned about biometrics.
Or hell, Experian had that insane breach of basically everyone’s information years ago. Biometrics are not the problem, it’s smaller companies that you have to deal with all the time skimping on security because they think they can’t afford it.
And then companies even more shady than Google and Apple and Samsung (loan companies, health systems contractors, banks, credit card companies, insurance companies) have all your data and are more likely to be involved in a data breach.
deleted by creator
While I do respect that viewpoint, there’s a lot more independent scrutiny of the hardware modules than there are around the parts that would handle any other authentication mechanism you might use.
Pixel phone example iPhone example
Just because something isn’t perfect doesn’t mean we should keep using the less good thing that it replaces.
Use the PIN if that’s more your cup of tea, just so long as you move away from passwords, since it’s the HSM that’s the protection, not the biometrics. Those are just to make it easier than passwords.
deleted by creator
The point being that most people do not need to ever change their biometric data, because it isn’t used for remote authentication.
It’s about picking the right threat model, and for most people anything that gets them using the HSM is an improvement to their security.
If you’re that afraid if the people who build phones, why are you ok with using any device that can access the internet?
deleted by creator
You should be more worried about your local doctor’s office contracting some cheap-ass company to handle your data and ending up in a branch than being concerned about biometrics.
Or hell, Experian had that insane breach of basically everyone’s information years ago. Biometrics are not the problem, it’s smaller companies that you have to deal with all the time skimping on security because they think they can’t afford it.
And then companies even more shady than Google and Apple and Samsung (loan companies, health systems contractors, banks, credit card companies, insurance companies) have all your data and are more likely to be involved in a data breach.
Using biometric data to unlock your phone does not make you more vulnerable to petty criminals.