Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Another Reason to Not Use Fingerprint Access on a Smartphone

April 18, 2017

Sorry that it is "inconvenient" to type in a password or PIN to unlock your phone, but it is a lot more secure than using a fingerprint scan (e.g. Touch ID on an iPhone). A recent report states that a "master fingerprint" can unlock multiple smartphones. This is true for consumer fingerprint scanners. The scanners are small and can only scan small images. To compensate for the small images, these devices often acquire multiple partial impressions of a single finger during enrollment to ensure that at least one of them will successfully match with the image obtained from the user during authentication. Researchers hypothesized that there could be enough similarities among different people's partial prints that one could create a "MasterPrint."

It turns out they were right. Using commercial fingerprint software, they analyzed 8,200 partial prints and found an average of 92 potential MasterPrints for every randomly sampled batch of 800 partial prints. (They defined a MasterPrint as one that matches at least 4 percent of the other prints in the randomly sampled batch.) Using MasterPrints, the team reported successfully matching between 26 and 65 percent of users, depending on how many partial fingerprint impressions were stored for each user.
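To make the effect of storing several partial impressions concrete, here is an added example (not code from the researchers or from the original post). It simulates one batch of 800 synthetic partial prints, applies the 4 percent MasterPrint definition above, and measures how the share of matched users changes with the number of partials stored per user. The false-match propensity formula, the layout of 100 users with 8 partials each, the five probes and all function names are assumptions, and the percentages it prints are not the study's figures.

```python
import random

BATCH = 800        # partial prints per batch (figure from the article)
THRESHOLD = 0.04   # MasterPrint: matches at least 4% of the other prints
PER_USER = 8       # assumption: 100 users, 8 enrolled partials each

def build_matches(rng):
    """matches[a] = set of other prints that print a falsely matches.
    Toy model (assumed): each print gets its own false-match propensity,
    skewed so most prints are distinctive and a few are generic."""
    matches = []
    for a in range(BATCH):
        p = 0.001 + 0.08 * rng.random() ** 6
        matches.append({b for b in range(BATCH) if b != a and rng.random() < p})
    return matches

def find_masterprints(matches):
    """Apply the article's definition to every print in the batch."""
    need = THRESHOLD * (BATCH - 1)
    return [a for a, hits in enumerate(matches) if len(hits) >= need]

def users_matched(matches, masters, probes, k):
    """Share of users matched when each stores k partials and the
    `probes` most generic MasterPrints are compared against them."""
    best = sorted(masters, key=lambda a: len(matches[a]), reverse=True)[:probes]
    covered = set().union(*(matches[a] for a in best))
    users = BATCH // PER_USER
    hit = sum(any(u * PER_USER + i in covered for i in range(k))
              for u in range(users))
    return hit / users

def simulate(seed=2017, probes=5):
    rng = random.Random(seed)  # fixed seed so the constructed batch is repeatable
    matches = build_matches(rng)
    masters = find_masterprints(matches)
    curve = [users_matched(matches, masters, probes, k)
             for k in range(1, PER_USER + 1)]
    return matches, masters, curve

if __name__ == "__main__":
    _, masters, curve = simulate()
    print(f"{len(masters)} MasterPrints in a batch of {BATCH}")
    for k, share in enumerate(curve, 1):
        print(f"{k} stored partial(s) per user: {share:.0%} of users matched")
```

Only the trend is meaningful: a user counts as matched when any one stored partial matches, so each additional enrolled partial can only raise the share.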

As I've recommended many times, stick with using a password (stronger than a PIN) instead of a fingerprint or facial scan to unlock your phone.

Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://www.senseient.com