Using biometrics to sign in.
This is a complex and controversial issue because there’s more to biometrics than just how or where the information is stored.
I don’t claim to be an expert, but I do have some semi-knowledgeable opinions based on my understanding of the topic.
Bottom line: I use facial recognition on my tablet and fingerprint recognition on my phone and laptop, and I’m not worried.
Facial Recognition & Fingerprint ID
In general, facial recognition and fingerprint data for device sign-in is stored in such a way that it cannot be reverse engineered to expose information unique to you. It’s a convenient approach to signing into frequently used devices. However, it’s not without risk, so make sure you understand possible legal concerns as well.
Storing your face
Let’s address the storage and theft issue first — mostly because it’s a non-issue.
My understanding is that most facial recognition or fingerprint ID systems do not store photographs. Rather, they store information about the characteristics of our face or finger. Those characteristics, whatever they might be, are statistically unique, meaning it’s highly unlikely that any two people would have the exact same set.[1]
It’s a non-reversible encoding of that information that is stored. Much like a hashed password, you can generate the encoding from the characteristics, but you can’t re-generate the characteristics given only the encoding. Even if an actual photograph were used, the photo could not be recovered from the non-reversible encoding.
When you sign in, your face or fingerprint is scanned. The characteristics are collected and then encoded. If what was encoded this time matches what was encoded when you set things up, then you must be you and should be allowed access. Nowhere was a photo directly compared to another photo.
So even if the data were leaked or stolen from your computer or from the cloud, the information about your specific face and/or fingerprints remains safe.
Storing a photograph
It’s worth pointing out that facial recognition and fingerprint ID can be used for much more than signing into your device.
For example, on returning from a recent overseas trip, all I needed to do was look into a particular camera in the international arrivals terminal, and the customs agent had all my information on-screen by the time I arrived at his station. I never needed to present any form of ID.
It’s very likely that these agencies and others do store actual photographs. Perhaps even more than one.
My focus here is on the more mundane world of identifying yourself to your own devices.
An odd implication
I must preface this section with the usual disclaimer: I am not a lawyer and this isn’t legal advice; it’s just the possibly misunderstood ramblings of a techie who knows just enough to get into trouble.
And this probably also only applies in the United States.
It’s apparently the case that you cannot be forced to divulge a password or PIN. So if you have a device locked with a password, you are not technically obliged to unlock it.
Your face and your fingerprint, on the other hand, are another matter. In a sense, they’re “public” in that anyone can see them, and thus anyone can use them. (Fortunately, proper implementations require your actual face or fingerprint and not a replica.)
So, as always, choose the solution that’s appropriate for your situation.
Is that safe?
There is no such thing as “safe” in any absolute sense. Perfect safety doesn’t exist.
Safety and security are on a spectrum. You can be more safe or less safe. In addition, what’s needed to be safe depends on your own situation. For example, whistleblowers and embedded journalists likely need a much higher degree of security than the average computer user.
Understanding your needs and your tolerance for risk allows you to make decisions to stack the safety deck in your favor.
But just know that there’s no such thing as perfect. There’s always some amount of risk, however small. (And this applies to everything in life, not just signing in to your computer.)
For routine sign-in to your devices, consider facial and fingerprint recognition as a convenient option. I do.
But of course, if your needs are different and you need or want additional security, then a more traditional password or passphrase approach might be more appropriate.
Footnotes & References
1: In addition, the information has to be encoded in such a way that different facial positions — looking to the side, perhaps — can be accounted for. It’s pretty fascinating stuff.