Normally phones provide an API to use your fingerprint, but the fingerprint itself isn’t shared or stored. Just like passwords there are ways of sharing this without sharing the plain data or storing it.
It would be much easier to lift your fingerprint IRL and use it than through a website like that. At least without skipping through a lot of warnings.
To avoid always having to login, there’s a token cached on the browser side which lately has been the target of attacks. A temporary ticket store on your computer that people copy to use for a while and access sensistive info as if they had you crendentials. With this type of attack it doesn’t matter what the password type is.
TLDR fingerprints are as safe as any other password, which isn’t very safe.
Normally phones provide an API to use your fingerprint, but the fingerprint itself isn’t shared or stored. Just like passwords there are ways of sharing this without sharing the plain data or storing it.
It would be much easier to lift your fingerprint IRL and use it than through a website like that. At least without skipping through a lot of warnings.
To avoid always having to login, there’s a token cached on the browser side which lately has been the target of attacks. A temporary ticket store on your computer that people copy to use for a while and access sensistive info as if they had you crendentials. With this type of attack it doesn’t matter what the password type is.
TLDR fingerprints are as safe as any other password, which isn’t very safe.
Interesting read! Thank you