ummm have they heard of 'passkeys'? like that thing that solves all these issues without any biometrics and personal information and cant be stolen as easily?
like one login on a malicious device, and boom all your biometric data is now in the hand of the attacker.
physical passkeys? good luck compromising that lol
also yes, this is obviously so cops can get to into your stuff and company's can collect your biometric data
to be fair the way most fingerprint scanners are implemented it isn't possible to extract the actual fingerprint (that I know of). but with a malicious device I guess they probably could procure a different type of scanner
Agreed tho I will stick with a master password I know and a hardware token that I have, probably until I die, unless something way better comes out that doesn't allow legal compulsion
that true, and i guess it is worth mentioning that many physical passkeys use fingerprint scanners. the only difference is that your fingerprint never gets send on the internet at all
yeah, once you get into identifying users across devices with fingerprints I get way more skeptical. But local-to-device fingerprint scanners usually just generate and match identifying material internally, if anything goes to the host OS it's just like, a hash or something, iirc.
ummm have they heard of 'passkeys'? like that thing that solves all these issues without any biometrics and personal information and cant be stolen as easily? like one login on a malicious device, and boom all your biometric data is now in the hand of the attacker. physical passkeys? good luck compromising that lol
also yes, this is obviously so cops can get to into your stuff and company's can collect your biometric data
to be fair the way most fingerprint scanners are implemented it isn't possible to extract the actual fingerprint (that I know of). but with a malicious device I guess they probably could procure a different type of scanner
Agreed tho I will stick with a master password I know and a hardware token that I have, probably until I die, unless something way better comes out that doesn't allow legal compulsion
that true, and i guess it is worth mentioning that many physical passkeys use fingerprint scanners. the only difference is that your fingerprint never gets send on the internet at all
yeah, once you get into identifying users across devices with fingerprints I get way more skeptical. But local-to-device fingerprint scanners usually just generate and match identifying material internally, if anything goes to the host OS it's just like, a hash or something, iirc.