**Biometric Apps Will Soon Be Pushed Across the Web**
This is a bad idea:
1. You can't "reset" your biometrics like a password.
2. Biometrics aren't hashable. The end result is they're less secure than other forms of authentication. (If you don't understand what this means, you're not qualified to have an opinion on this matter.)
3. You can't control what happens to your biometrics once they're in the hands of a 3rd party.
Please re-Toot.
@profoundlynerdy
why are they not hashable? it's not like you're actually storing someone's fingerprints; they're just data points, can't those be encrypted too?
@profoundlynerdy I did post this before reading the other responses.
So, I'll add to the question. As someone pointed out above, wouldn't the best case be that biometrics unlock a password manager, where the passwords are hashed?
@warburtonstoryaddict The problem is it's not as hard as it sounds to spoof your biometrics.
I've shared this a few times. Let me know if it's duplicate from your perspective: https://hackaday.com/2015/11/10/your-unhashable-fingerprints-secure-nothing/
@profoundlynerdy this was helpful, thanks!
So since it looks like biometrics are here to stay, if people insist on using them they really should be for real-time, two step verification and nothing else?
@warburtonstoryaddict I'm not even sure that works.