Like, any way we could permanently change the pattern on a finger?
Could you? Yes. But there really is no point— biometrics alone are only a single factor for authentication.
You should have at least two of the three— something you are (fingerprint, facial, or retinal recognition), something you have (badge, token, secure device), and something you know (passphrase).
> biometrics alone are only a single factor for authentication.
I’d argue that biometrics is NOT an authentication factor but is instead a username. You’re identifying who you are.
Authentication is, explicitly, the process of validating that you are who you say you are. Like biometrics, your username is part of your digital identity. So you are correct in arguing that biometrics alone is little stronger than a username, but by definition, both are part of authentication.
That said, to securely authenticate your identity, you need to use multiple factors.
No, there is no way. And because of that it is a stupid idea to use fingerprints instead of passwords.
So, like I couldn’t even technically create a scar on the finger by continuously creating damage at the same place to destroy some details and create new ones?
You could.
Good luck with resetting your account credentials though.
Also: Please for the love of god do not apply this logic to cornea scans.
Eye biometrics scan the iris or the retina, not the cornea (which is transparent)
You can’t change it, but you can remove it with fire.
Oh shit, new fear unlocked
Well, like, when you save your fingerprint in your phone it stays in a safe place in the phone, but it could get stolen if a person made a shitty product, and like, I don’t know about you but I only got 10 of those
Normally phones provide an API to use your fingerprint, but the fingerprint itself isn’t shared or stored. Just like passwords there are ways of sharing this without sharing the plain data or storing it.
It would be much easier to lift your fingerprint IRL and use it than through a website like that. At least without skipping through a lot of warnings.
To avoid always having to log in, there’s a token cached on the browser side which lately has been the target of attacks. A temporary ticket stored on your computer that people copy to use for a while and access sensitive info as if they had your credentials. With this type of attack it doesn’t matter what the password type is.
TLDR fingerprints are as safe as any other password, which isn’t very safe.
I have a scar across one of my fingers so that part of my fingerprint has changed