Well, like, when you save your Fingerprint in your phone it stays in a safe place in the phone, but it could get stollen if a person made a shitty product, and like, I don’t know you but I only got 10 of those
Normally phones provide an API to use your fingerprint, but the fingerprint itself isn’t shared or stored. Just like passwords there are ways of sharing this without sharing the plain data or storing it.
It would be much easier to lift your fingerprint IRL and use it than through a website like that. At least without skipping through a lot of warnings.
To avoid always having to login, there’s a token cached on the browser side which lately has been the target of attacks. A temporary ticket store on your computer that people copy to use for a while and access sensistive info as if they had you crendentials. With this type of attack it doesn’t matter what the password type is.
TLDR fingerprints are as safe as any other password, which isn’t very safe.
Well, like, when you save your Fingerprint in your phone it stays in a safe place in the phone, but it could get stollen if a person made a shitty product, and like, I don’t know you but I only got 10 of those
Normally phones provide an API to use your fingerprint, but the fingerprint itself isn’t shared or stored. Just like passwords there are ways of sharing this without sharing the plain data or storing it.
It would be much easier to lift your fingerprint IRL and use it than through a website like that. At least without skipping through a lot of warnings.
To avoid always having to login, there’s a token cached on the browser side which lately has been the target of attacks. A temporary ticket store on your computer that people copy to use for a while and access sensistive info as if they had you crendentials. With this type of attack it doesn’t matter what the password type is.
TLDR fingerprints are as safe as any other password, which isn’t very safe.
Interesting read! Thank you