Why you shouldn’t use Fingerprint/Touch ID and Face ID

Over the years, we’ve seen an increase in the number of biometric methods of authentication and in the sophistication of smartphone security in general. Of all the biometric technologies, however, fingerprint scanning (or Touch ID) and facial recognition (popularly known as Face ID) stand out and are currently the most used.

This is because these biometric authentications are sleek, fancy, futuristic, and most importantly, fast. But when compared to traditional forms of security (PINs and passwords), fingerprint readers and Face ID suck. And as such, there are times you don’t want to use them to secure your devices.

If you have these two biometric instruments as your preferred method of guarding the (purest, darkest and costliest) digital assets on your smartphone, then you might want to turn them off in these instances.

Fingerprint/Touch ID: why shouldn’t it be used?

1. Fast, but flawed

A fingerprint reader might be faster than typing a 4-digit (or longer) PIN or a multi-character password. Smartphone users are regularly looking for convenience and means to get things done on their devices faster, so it’s understandable.

However, do you know that your smartphone can be unlocked by a “Master print”? Just the same way a Master key can unlock numerous doors, a “Master print” can also be used to unlock many devices.

Master prints are fingerprints that have been engineered to match multiple patterns. With a 65% success rate, these master prints are able to unlock your device by capitalizing on the small size of your phone’s fingerprint scanner — which only matches a partial scan (rather than all the ridges) of your finger. This is why fingerprint sensors are fast, and at the same time, flawed.

The Master print loophole in smartphone fingerprint sensors was discovered by researchers from New York University and Michigan State University.

Other ways your fingerprint scanner can be fooled are:

2. Compulsion to unlock (by Law)

Depending on the country you are in (or live in), you can be forced to unlock your device by law enforcement agencies if you locked it using any form of biometric authentication — fingerprint, Face ID, iris scanning, Palm Unlock, etc. This is because in some countries, coercing a user to divulge their device’s PIN or password is a violation of the user’s rights.

On the other hand, an order from a judge/court to unlock your device using Touch ID, Face ID or any other biometric methods isn’t a violation of the law or the user’s rights.

3. Identicality flaw

Your device can be unlocked by another individual with similar characteristics without even trying too hard. This doesn’t apply to Touch ID though because no two persons in the world share the same fingerprint. With Face ID, however, there have been instances where twins, siblings, and two humans with identical facial properties have been able to unlock the same device.

This doesn’t happen with PINs or passwords. Two or more people might have the same password or PIN, but there really is no way for you to find out unless you’re told.

4. Face ID can be overridden by a picture/mask

If a hacker can get a printed photo of you and properly place it in front of your smartphone’s selfie camera, (s)he can bypass your device’s facial recognition system. A Samsung Galaxy S8’s facial recognition has been hacked using a printed photo in the past. Some Apple flagship iPhones have had their Face ID security bypassed using a printed 3D mask of the user’s face.

5. Fingerprint is eternal

Fingerprints are one feature we all possess that lives with us till death; there’s no changing it. Unlike PINs and passwords, which can be changed anytime, fingerprints cannot. And if an intruder clones your fingerprint, he’ll have access to your device, apps, accounts, etc. forever. Changing your phone wouldn’t help either.

This is all the more reason why you should use strong passwords and PINs that only you can remember and that are difficult to crack.

There are many instances where these biometric technologies have failed. In fact, they seem to be more easily bypassed (by hackers, the government, and other individuals) than traditional PINs and passwords.

When it comes to securing your device, the best bet is actually an alphanumeric passphrase.

We’ve established the fact that fingerprint sensors and facial recognition aren’t exactly secure, but that doesn’t mean you shouldn’t use them anymore. Not using them, in fact, is almost impossible in this time/era. The message, however, is that you shouldn’t use them for certain things on your smartphone. Here are some.

Don’t use Face ID/Touch ID on these

1. Banking apps

Unlocking your smartphone using Face ID and fingerprint might expose you to zero risk if you have no sensitive information on your device. What you shouldn’t do is use fingerprint or Face ID to log in to your banking apps. Use PINs or (alphanumeric) passwords to secure your banking apps.

Yes, fingerprint and Face ID are faster but are they worth risking the thousands/millions in your bank account for? If you are a deep sleeper, people can log in to your phone without your knowledge using your finger. They can do the same to your bank app and mess with your monies.

Your accounts are safer with PIN/password even while you’re asleep.

2. Payment apps

Although payment apps like Apple Pay, PayPal and the like support signing in using fingerprint and Face ID, you should turn these options off or deactivate them. Sign in to your payment apps and authorize transactions using a PIN or password only.

If you lock some other apps (like WhatsApp and your email app) that contain private and sensitive information on your device with fingerprint or any form of biometric tech, you should turn it off today and use a PIN/password instead. Biometric authentications are also safe security measures, but compared to a manually inputted PIN, they are easier to crack.

Fingerprint and Face ID are, no doubt, quick methods of authentication, but you shouldn’t use them for everything. Know when to turn them off and when to use them. If you are a high-profile individual (politician, journalist, activist, CEO, etc.), you are better off securing your gadgets with PINs and passwords than these two forms of biometric authentication — Face ID and Touch ID.