Are fingerprint scanners more secure than passwords?

Hi Everyone,

I read the interesting post about fingerprint scanners by ronjor here and the linked to article.
The current crop of scanners are certainly more convenient than having to remember a password to access your password manager. They do increase the physical security of an unattended computer (at least superficially).
Also, current key loggers would be ineffective at capturing the fingerprint.

So besides the above points, are fingerprint scanners more secure than passwords?
Here is why I ask:
Sure a fingerprint is unique only to you, but in order to be used for authentication, it has to be digitized and stored in the computer in some kind of file. This file could be transported (courtesy of malware) to a third party and they could use the fingerprint file to impersonate you.
Also, just like there are key loggers today, why wouldn't there be fingerprint loggers tomorrow? Of course, this assumes your computer has been compromised by malware, perhaps a root kit. Nowadays, unless you are security savvy (i.e. a Wilder's member ), your computer could be compromised relatively easy.

So, what do you think?

 

well I might just have to get out my welder and build a LWM proof case

 

Keep one other thing in mind about fingerprints (from a former law officer who did a lot of reading, especially after unexpected early retirement).

While they're popularly believed to be absolutely unique, the reality is that they're "unique" only for most practical purposes, and within a finite (but quite large, like a couple of continents) population sample. The odds against someone else having the same fingerprints as you is several hundred million, perhaps a billion, to one -- but given today's world population, there could be half a dozen other people somewhere in the world with exactly the same fingerprints.

The chances of two such people being relatively nearby in a common culture (even, say, the whole Christian world, or the whole English speaking world) are so infinitesimal that law-enforcement and judicial systems, even up to the Interpol level, consider the prints unique. But as you've probably heard, top-security operations are now mostly switching to retina scans for ID, or better yet the combination of retinas plus fingerprints.

Hmm, so much for the "quick comment" I had in mind when I started this.

Best,
Mike

 

umm ya but I seen on tv shows that if you have retinal scans for security, if a perp wants to get into your computer he has to cut your eyes out. I'd rather just be able to give him a finger or better yet a password.

 

Just giving him the finger might be the best way

 

Thank you LowWaterMark!
Your explanation was clear, to the point, and thorough.

I've wondered about this since they first came out with the PC fingerprint scanners and it is great to be able to have these kind of questions answered.

Much appreciated.

 

Mike,

Thanks for the info, I'll start looking for my 6 other fingerprint twins. Then I'll be able to be in 7 places at once.

 

But how can this (retina or retina/fingerprint scans) be considered "top-security" if they have the same basic vulnerability as a PC fingerprint scanner? Are they implemented in a more secure way? If so, what makes it better and could such a system be implemented on a PC level?

Thanks

 

Sorry, Devinco, I haven't a clue about the technical details of retina scans -- I think the basic principle is that there's a few orders of magnitude more different kinds of retinal patterns than in fingerprints, so they're far more likely to truly be unique.

But I got a little off topic bringing that up in the first place. LWM's point, and there seems to be general agreement with it, was that if there's physical access to your computer, then a major part of your security is lost.