https://nitter.net/axios/status/1712679556375601187

  • YearOfTheCommieDesktop [they/them]
    ·
    edit-2
    1 year ago

    to be fair the way most fingerprint scanners are implemented it isn't possible to extract the actual fingerprint (that I know of). but with a malicious device I guess they probably could procure a different type of scanner

    Agreed tho I will stick with a master password I know and a hardware token that I have, probably until I die, unless something way better comes out that doesn't allow legal compulsion

    • SILLY BEAN@lemmygrad.ml
      ·
      1 year ago

      that true, and i guess it is worth mentioning that many physical passkeys use fingerprint scanners. the only difference is that your fingerprint never gets send on the internet at all

      • YearOfTheCommieDesktop [they/them]
        ·
        1 year ago

        yeah, once you get into identifying users across devices with fingerprints I get way more skeptical. But local-to-device fingerprint scanners usually just generate and match identifying material internally, if anything goes to the host OS it's just like, a hash or something, iirc.