Pages:
Author

Topic: Biometric BTC wallet? - page 2. (Read 833 times)

legendary
Activity: 3010
Merit: 3724
Join the world-leading crypto sportsbook NOW!
September 16, 2019, 04:30:51 AM
#31
so nobody here is using faceid or touchid?

Look I think it was cool faceid and it is a form of security for corporate and business use devices, and even for consumer devices etc. But these are rather different use cases than to actually be the main form of security for bitcoin.

Biometrics in security for your iphone I'd say doesn't get me worried about someone hacking off my eyes/finger to get into my phone (I realise I'm dramatising). But if I had a sizeable amount in my bitcoin wallet, I daresay I'd be more worried about that.

P.S. I have used touchid for laptop and happy it's there. But I just wouldn't use touchid for a wallet. Others might. Power to them.
jr. member
Activity: 87
Merit: 5
September 16, 2019, 03:37:36 AM
#30
Don't go for it even if there is one. If we are only talking about convenience then this would be great but if you are risking the security of your wallet because of it then it's really not worth the risk. Banks have done this with their apps and one way to avoid abusing it is they added a mandatory pin before you can even send money, the fingerprint was only to access the dashboard part of the app but even that is also a risky move since you are letting other people see what you have in your account.

so nobody here is using faceid or touchid?
hero member
Activity: 1806
Merit: 672
September 14, 2019, 03:46:23 PM
#29
Don't go for it even if there is one. If we are only talking about convenience then this would be great but if you are risking the security of your wallet because of it then it's really not worth the risk. Banks have done this with their apps and one way to avoid abusing it is they added a mandatory pin before you can even send money, the fingerprint was only to access the dashboard part of the app but even that is also a risky move since you are letting other people see what you have in your account.
hero member
Activity: 3010
Merit: 794
September 12, 2019, 01:03:02 PM
#28
Many of us have already shared their opinion about "biometric" and i am not gonna disagree with them too. Implementing retina or finger print scan system for fund transfer or wallet security wouldn't be a good idea. In both of these system there is higher chances to lose fund from wallet because those are easily collectible. I think maybe OP have got interested because in recent times most of the latest mobile phone brands are providing finger print and face detection features for their users. But mobile phone privacy and wallet security doesn't bear the same value. Where it relates with the matter of users fund there security should be unbreakable.

Yeah you can say that hackers can breach any types of security but we have to choose something which has lower chances. Current password based security system is much safer in my opinion where users could change it when they feel it necessary. But for "biometric" system we can't do it for multiple times specially for retina scanning.
Im thinking the same way where op do think up about biometric type which can be commonly seen with smartphones but in terms of level of bypass it do have much higher compared to those wallet that do have traditional passcode or keys and just like what been said above that airgapped devices and hardware wallets is already enough.

OT:
On side note with this fingerprint type padlock https://www.youtube.com/watch?v=RxM55DNS9CE is just useless.
copper member
Activity: 1204
Merit: 737
✅ Need Campaign Manager? TG > @TalkStar675
September 08, 2019, 06:25:05 PM
#27
Many of us have already shared their opinion about "biometric" and i am not gonna disagree with them too. Implementing retina or finger print scan system for fund transfer or wallet security wouldn't be a good idea. In both of these system there is higher chances to lose fund from wallet because those are easily collectible. I think maybe OP have got interested because in recent times most of the latest mobile phone brands are providing finger print and face detection features for their users. But mobile phone privacy and wallet security doesn't bear the same value. Where it relates with the matter of users fund there security should be unbreakable.

Yeah you can say that hackers can breach any types of security but we have to choose something which has lower chances. Current password based security system is much safer in my opinion where users could change it when they feel it necessary. But for "biometric" system we can't do it for multiple times specially for retina scanning.
legendary
Activity: 1624
Merit: 2481
September 08, 2019, 05:46:15 AM
#26
So what is safe or what would you rely on? Please enlight me

Depends on your thread model.

What do you want to protect against ? And how much inconvenience are you accepting to take in order to secure your coins ?
A simple password protected hardware wallet already is much more secure than a 'biometric' wallet could ever be.

There are a lot of possibilities and different ways to do so, while something biometric-like is one of the worst.
legendary
Activity: 2730
Merit: 7065
September 08, 2019, 02:41:57 AM
#25
So what is safe or what would you rely on? Please enlight me
Nothing is safe if you don't use proper precautions to secure your investments and many things are relatively safe if you do.

There is no need to invent new methods of storing or accessing your coins. We already have hardware wallets, you can use them. Use a paper wallet if you are a more advanced user or multisig options. You can even store your crypto in Electrum or airgapped machines. It all depends on what you have available or what you are ready to invest in combination with your computer habits. Even the most secure paper wallet or hardware device can't help you if you stored your seed/private keys in your email or phone.
jr. member
Activity: 87
Merit: 5
September 07, 2019, 07:37:12 AM
#24
Don't get me wrong, I still think biometrics are a horrible method of securing your coins, which no one should use beyond maybe a hundred bucks on a mobile wallet, but backing up in case you lose access to your wallets is a non issue.
Listen to this story.

My friend's wife and his daughter went abroad to visit their grandmother. His wife has the FaceID (or whatever it is called) option enabled to unlock her phone. One day he saw a gibberish post on Facebook on his wife's Facebook profile so he called her to see what that was all about. Turns out that their daughter was playing with the phone and the FaceID software recognized her face as that of his wife. She was able to unlock her phone. The interesting part is that the daughter looks entirely like my friend and nothing like his wife. Further proof that this type of protection is not something to rely on.   

So what is safe or what would you rely on? Please enlight me
legendary
Activity: 2730
Merit: 7065
September 07, 2019, 02:15:01 AM
#23
Don't get me wrong, I still think biometrics are a horrible method of securing your coins, which no one should use beyond maybe a hundred bucks on a mobile wallet, but backing up in case you lose access to your wallets is a non issue.
Listen to this story.

My friend's wife and his daughter went abroad to visit their grandmother. His wife has the FaceID (or whatever it is called) option enabled to unlock her phone. One day he saw a gibberish post on Facebook on his wife's Facebook profile so he called her to see what that was all about. Turns out that their daughter was playing with the phone and the FaceID software recognized her face as that of his wife. She was able to unlock her phone. The interesting part is that the daughter looks entirely like my friend and nothing like his wife. Further proof that this type of protection is not something to rely on.   
legendary
Activity: 2268
Merit: 18771
September 06, 2019, 07:32:01 AM
#22
What will happen if user lost his finger in case or he become blind by any accident?
Presumably the user would be able to recover their funds by importing their seed in to another wallet. If a wallet does not give a seed when you set it up, then you shouldn't be using it.

Don't get me wrong, I still think biometrics are a horrible method of securing your coins, which no one should use beyond maybe a hundred bucks on a mobile wallet, but backing up in case you lose access to your wallets is a non issue.
legendary
Activity: 2422
Merit: 2228
Signature space for rent
September 06, 2019, 07:22:53 AM
#21
What will happen if user lost his finger in case or he become blind by any accident? If there there is any wallet based on fingerprints or retina then a user might lose his fund. So I am not much interested about this mathode. Perhaps it might be added any wallet as a extra security but there should be recovery options if incase happen any accident. So no one will lost his funds.
legendary
Activity: 1624
Merit: 2481
September 04, 2019, 09:27:38 AM
#20
Well, you could hack a trezor

How would you do this ?
Circumventing fingerprint security measurements is relatively easy and it has been mentioned how it can be done.

So.. how would you hack a trezor ?



or fake an electrum update

How would you fake the signature ?
I mean.. people who don't verify the signature are at risk.. yes. But that's not how you update electrum. You always have to verify the pgp signature.

So.. how would you do this ?



WHY is this idea so much worse?

Because there are easy attack vectors and risk of losing access (all has been mentioned in this thread already).

If you can argue against electrum updates or trezor being hackable the same way with the same level of complexity (very low), then it is not much better.
But as long as you can't, both are definitely better than a fingerprint secured wallet.
legendary
Activity: 2268
Merit: 18771
September 04, 2019, 09:25:40 AM
#19
Well, you could hack a trezor or fake an electrum update, so WHY is this idea so much worse?
Because to lose my funds via Electrum I would need to download a fake wallet, forget to verify it, install and use it without doing any due diligence. I'm not that stupid. To lose my funds via a hardware wallet I would need to stop using a passphrase, again use some fake software or maybe let someone else gain physical access to my device, give away my PIN or seed, or something similar. I'm not that stupid.

To lose my funds via a biometric wallet, an attacker only needs a photo of my face or anything I've touched, from a hand rail to a door handle to a bottle of juice. Unless you plan on wearing gloves and a full face covering 24/7, biometrics are far more easily hackable.
jr. member
Activity: 87
Merit: 5
September 04, 2019, 09:07:08 AM
#18
I would never use a fingerprint as a way to secure my crypto holdings.
The quality of your print can change as years go by. A close family member of mine had difficulties getting a new ID because more than 80% of the quality of the fingerprint was lost. He works with hot water which is probably the reason his prints are almost gone. Securing your assets that way could mean trouble someway down the road.

It is very easy to duplicate fingerprint in gelatin or some similar material and make a 'backup'
but then again same can be used by hackers, so I also don't think fingerprint alone is bets for securing crypto wallet.

Please read this article of data leak that exposed biometrics of over 1 million people!
https://www.technologyreview.com/f/614163/data-leak-exposes-unchangeable-biometric-data-of-over-1-million-people/?utm_medium=tr_social&utm_campaign=site_visitor.unpaid.engagement&utm_source=Facebook#Echobox=1565802376

Well, you could hack a trezor or fake an electrum update, so WHY is this idea so much worse?
sr. member
Activity: 420
Merit: 263
let's make a deal.
August 19, 2019, 09:41:07 PM
#17
I am using Edge wallet, which provides password + TouchID security for currency i want to carry around.  this is not how i'd carry the bulk of my savings, but for me it is an optimal security/convenience compromise for everyday amounts.

I rely on TouchID becuase the biometric data is stored on the secure enclave chip on the iphone.  This is also secure enough for most of my everyday activities.  However, i never got a FaceID phone and i'm in no rush to upgrade, so i understand the aversion to this technology at least.
legendary
Activity: 2212
Merit: 7064
August 14, 2019, 03:45:18 PM
#16
I would never use a fingerprint as a way to secure my crypto holdings.
The quality of your print can change as years go by. A close family member of mine had difficulties getting a new ID because more than 80% of the quality of the fingerprint was lost. He works with hot water which is probably the reason his prints are almost gone. Securing your assets that way could mean trouble someway down the road.

It is very easy to duplicate fingerprint in gelatin or some similar material and make a 'backup'
but then again same can be used by hackers, so I also don't think fingerprint alone is bets for securing crypto wallet.

Please read this article of data leak that exposed biometrics of over 1 million people!
https://www.technologyreview.com/f/614163/data-leak-exposes-unchangeable-biometric-data-of-over-1-million-people/?utm_medium=tr_social&utm_campaign=site_visitor.unpaid.engagement&utm_source=Facebook#Echobox=1565802376
legendary
Activity: 2730
Merit: 7065
August 14, 2019, 03:42:42 AM
#15
I would never use a fingerprint as a way to secure my crypto holdings.
The quality of your print can change as years go by. A close family member of mine had difficulties getting a new ID because more than 80% of the quality of the fingerprint was lost. He works with hot water which is probably the reason his prints are almost gone. Securing your assets that way could mean trouble someway down the road.
legendary
Activity: 1806
Merit: 1828
August 13, 2019, 12:39:42 PM
#14
I suppose retinal scan can be pretty secure. It is somewhat difficult for a person to get a copy of that.

Well, even a retina scanner can be easily fooled if you take a photo of a victim with a proper camera (infrared night vision setting needs to be turned on). That's how Samsung security can be bypassed.

Thank for pointing that out. Therefore, I would not use a BTC wallet that is secured by biometrics. I do not plan on wearing some kind of suit and mask that prevents my biometric data from being copied.
legendary
Activity: 1876
Merit: 3139
August 13, 2019, 12:29:09 PM
#13
I suppose retinal scan can be pretty secure. It is somewhat difficult for a person to get a copy of that.

Well, even a retina scanner can be easily fooled if you take a photo of a victim with a proper camera (infrared night vision setting needs to be turned on). That's how Samsung security can be bypassed.
legendary
Activity: 1806
Merit: 1828
August 13, 2019, 12:21:37 PM
#12
Biometrics really aren't all that secure.

That's because Biometrics supposed to offer convenience and it's only secure against non-physical attack.

   It depends on the Biometric used. Fingerprints are not that secure because a person leaves those everywhere. I'm sure someone can lift a fingerprint and create something that can fool a scanner. DNA is really not that secure either, since a person leaves traces of their DNA everywhere they go. Facial recognition is not secure either, since someone can easily capture your image, and use that to fool a scanner. I suppose a retinal scan can be pretty secure. It is somewhat difficult for a person to get a copy of that. It's not impossible though.
   Naturally, as you imply, all biometric security is overridden by the five dollar wrench attack. Since a person only has one set of biometrics, they can't even set up a dummy wallet, effectively. I suppose someone could use a different finger/thumb print to set up ten wallets. However, a smart criminal will simply have you try all ten fingerprints.
Pages:
Jump to: