Using biometrics to sign in.
This is a complex and controversial issue because there’s more to biometrics than just how or where the information is stored.
I don’t claim to be an expert, but I do have some semi-knowledgeable opinions based on my understanding of the topic.
Bottom line: I use facial recognition on my tablet and fingerprint recognition on my phone and laptop, and I’m not worried.
Become a Patron of Ask Leo! and go ad-free!
Facial Recognition & Fingerprint ID
In general, facial recognition and fingerprint data for device sign-in is stored in such a way that cannot be reverse engineered to expose information unique to you. It’s a convenient approach to signing into frequently used devices. However, it’s not without risk, so make sure you understand possible legal concerns as well.
Storing your face
Let’s address the storage and theft issue first — mostly because it’s a non-issue.
My understanding is that most facial recognition or fingerprint ID systems do not store photographs. Rather, they store information about the characteristics of our face or finger. Those characteristics, whatever they might be, are statistically unique, meaning it’s highly unlikely that any two people would have the exact same set.1
It’s a non-reversible encoding of that information that is stored. Much like a hashed password, you can generate the encoding from the characteristics, but you can’t re-generate the characteristics given only the encoding. Even if an actual photograph were used, the photo could not be recovered from the non-reversible encoding.
When you sign in, your face or fingerprint is scanned. The characteristics are collected and then encoded. If what was encoded this time matches what was encoded when you set things up, then you must be you and should be allowed access. Nowhere was a photo directly compared to another photo.
So even if the data were leaked or stolen from your computer or from the cloud, the information about your specific face and/or fingerprints remains safe.
Storing a photograph
It’s worth pointing out that facial recognition and fingerprint ID can be used for much more than signing into your device.
For example, on returning from a recent overseas trip, all I needed to do was look into a particular camera in the international arrivals terminal, and the customs agent had all my information on-screen by the time I arrived at his station. I never needed to present any form of ID.
It’s very likely that these agencies and others do store actual photographs. Perhaps even more than one.
My focus here is on the more mundane world of identifying yourself to your own devices.
An odd implication
I must preface this section with the usual disclaimer: I am not a lawyer and this isn’t legal advice; it’s just the possibly misunderstood ramblings of a techie who knows just enough to get into trouble.
And this probably also only applies in the United States.
It’s apparently the case that you cannot be forced to divulge a password or PIN. So if you have a device locked with a password, you not technically obliged to unlock it.
Your face and your fingerprint, on the other hand, are another matter. In a sense, they’re “public” in that anyone can see them, and thus anyone can use them. (Fortunately, proper implementations require your actual face or fingerprint and not a replica.)
So, as always, choose the solution that’s appropriate for your situation.
Is that safe?
No.
There is no such thing as “safe” in any absolute sense. Perfect safety doesn’t exist.
Safety and security is a on spectrum. You can be more safe or less safe. In addition, what’s needed to be safe depends on your own situation. For example, whistleblowers and embedded journalists likely need a much higher degree of security than the average computer user.
Understanding your needs and your tolerance for risk allows you to make decisions to stack the safety deck in your favor.
But just know that there’s no such thing as perfect. There’s always some amount of risk, however small. (And this applies to everything in life, not just signing in to your computer.)
Do this
For routine sign-in to your devices, consider facial and fingerprint recognition as a convenient option. I do.
But of course, if your needs are different and you need or want additional security, then a more traditional password or passphrase approach might be more appropriate.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
Podcast audio
Related Video
Footnotes & References
1: In addition, the information has to be encoded in such a way that different facial positions — looking to the side, perhaps — can be accounted for. It’s pretty fascinating stuff.
Referring to the illustration — that’s quite a constellation of stars, there. Is the Big Dipper among them? :o
Just be sure they are doing it right. A good finger print scanner uses a capacitive system where the ridges and valleys produce different capacitance. Optical fingerprint scanners can be fooled. My phone and computer use capacitive scanners.
Facial recognition scanners can sometimes be fooled by a photo.
https://www.techrepublic.com/article/windows-face-recognition-fooled-by-printed-photo/
Muggers can steal your phone and open it by holding it against your finger. Maybe scan your pinky instead of your index of middle finger and tell them it’s not your phone (Disclaimer: don’t take this seriously.)
Or the spy movie version where they cut off your finger to gain access.
Presumably, over time as the face ages, the coded data will also change and it may be necessary to update the facial image characteristics. Would that create a problem for your own phone? I guess I’m asking for an opinion on tolerances,
It likely will matter if you have an iPhone. I implemented a second Face ID on my iPhone, so It would unlock while wearing a face mask. I was wearing a white face mask when this was done. When I changed the mask colour to a black face mask, my phone would not unlock until I pulled the mask below my chin.
Edward, most phones won’t live long enough for facial changes to become an issue.
I agree with Leo. I use a USB Biometric fingerprint scanner on my computers here. It makes log-in very easy and fast (I wish Fedora supported this device). If I understand the technology correctly, my fingerprint is not stored. Rather it is the biometric characteristics of my finger that is encoded (the encoding works something like sha-256 or 512 encryptions where the encoded hash is stored, not the biometric characteristics data of my finger itself). In my opinion, this is as safe as, or safer than using a password because the encoded information potentially contains many more variables than are possible with a password, even a long strong one. In Windows, I don’t have a password on my Microsoft account. I have my fingerprint scan data hash, and a locally encrypted and stored pin (for backup in the event my scanner fails). I also use the same technology to log into my phone (fingerprint scanner and locally stored pin) where I keep my Authenticator app for 2FA verification.
This is what works for me, YMMV,
Ernie