Why I’m not a fan of fingerprint scanners for computer security

These days many notebook computers and portable devices like USB drives feature fingerprint scanners, which are advertised as biometric security.

I’ve never been a fan of biometric security of this type. I will explain why using different scenarios:

Likely scenario: Stolen or lost laptop

If your laptop is lost or stolen, it is bound to have nice samples of all your fingerprints all over its nice smooth body. Picking up samples of your fingerprints from your laptop surface is much easier than cracking your password. A few internet searches or a visit to a detective/spy shop will provide the person in possession of your notebook computer or other lost gadget all they need to make copies of your fingerprints and create a mold that they can use to authenticate as you.

If your laptop had been secured with a password and encryption, they’d likely reformat your hard drive and your losses would be limited to your hardware. If a fingerprint scan was all that was required to gain access to your account, then your data, your privacy, not to mention your peace of mind for years to come will likely be stolen too.

Another scenario: Forced access to your computer

Let us consider another likely scenario without going into the cinema-like gruesome situation of a villain cutting off your thumb to forcibly access your computer. Say you are sleeping in a shared college dorm. Your roommate or a friend can bring your laptop near you and easily swipe your finger on it to gain access to all your files. You don’t even have to be unconscious. A person or gang stronger than you can easily overpower you without hurting you physically and swipe your finger on your computer to gain access.

Security Related Cartoon from XKCD

You see? This type of fingerprint-scanning biometric security, used alone as a replacement for passwords (instead of in combination with them), is a lot less secure than one would think. Such advertising of biometric security might seem impressive, but it leads to a false sense of security. In this day of digital privacy and identity theft, relying on such an insecure authentication method alone is not a good idea.

As an aside, here is an interesting article on how fingerprint scanners work at HowStuffWorks.com.

One Reply to “Why I’m not a fan of fingerprint scanners for computer security”

  1. Won’t these biometric security measures be added on to the current security measures instead of replacing them completely? So you would have to provide your password and your fingerprint scan to get access.

    To get access you need two things – you need to know a secret (password) and you need to have something (fingerprint).

    My bank gives me an RSA secure pin device and also asks for my password.
