Author

Topic: Block's plan hardware wallet with fingerprint sensors... (Read 346 times)

legendary
Activity: 1974
Merit: 2124
I posted in another thread about this, but beyond the good and bad of the fingerprint, they probably want you to use their app & software so they can track you better.

https://bitcointalksearch.org/topic/m.59307599

This is how integrated block / cashapp is within their ecosystem. Do you want to give them knowledge of your BTC spending habits?

-Dave
This is what happening in reality as they would posses that enhancing security is best way to safe you but on the other hand wants to collect your personal data also.We are familiar with crypto exchanges,wallets data leaks of clients on dark web so this is how we make our funds more secured?

The biometrics can save you time but it can save your funds it's not guaranteed as there are so many problems associated with it but they are not focusing on it.

Still, seed will be the primary method, because a fingerprint cannot be digitised in a blockchain. And I wouldn't trust such wallets that use biometrics because you are identifying yourself with specific addresses, which is not secure.
Seed phrases are traditional way of securing your funds but they are offline not on blockchain as it's open ledger and you can't post something personal or secret there.
sr. member
Activity: 2282
Merit: 439
Cashback 15%
I think too, that biometrics in such hardware wallets will be used as an extra feature, something like unlocking apps on an iPhone with a fingerprint, which can be disabled in the settings. Still, seed will be the primary method, because a fingerprint cannot be digitised in a blockchain. And I wouldn't trust such wallets that use biometrics because you are identifying yourself with specific addresses, which is not secure.
hero member
Activity: 2562
Merit: 586
I think fingerprint security is going to be a secondary security measure and access to carry out transactions and the seed phrase or wallet key will still be there if I understand the article correctly but what the new does not contain or I failed to see is the statues of the wallet whether if it's will be a custodial or noncustodial wallet this will give us more clarifications on the fingerprint feature I wallet. As others have rightly said, the fingerprint is not secured security 🔒 feature as fingerprint can easily be bypassed via many means but if it an additional security just like we have in our trust wallet as access means but not for the restoration of the wallet. Placing the fingerprint feature as the key security to the wallet may be a big turn-off to many.
Depends on the wallet they can make it primary or secondary and also depends on the user, some like to have an easy access to their wallet so they might like it to be as primary security while some will stick on the old school which is by using private key, seed phrases and alike.

Fingerprint technology are not new but they have been released before in the early smartphones and I think inventors of it already know the issues and vulnerabilities so they probably improve the technology by now. Phones right now holds everything including finances, much more if it's a hardware wallet alone? improving the security is really important for this matter.
hero member
Activity: 1008
Merit: 520
Leading Crypto Sports Betting & Casino Platform
I think fingerprint security is going to be a secondary security measure and access to carry out transactions and the seed phrase or wallet key will still be there if I understand the article correctly but what the new does not contain or I failed to see is the statues of the wallet whether if it's will be a custodial or noncustodial wallet this will give us more clarifications on the fingerprint feature I wallet. As others have rightly said, the fingerprint is not secured security 🔒 feature as fingerprint can easily be bypassed via many means but if it an additional security just like we have in our trust wallet as access means but not for the restoration of the wallet. Placing the fingerprint feature as the key security to the wallet may be a big turn-off to many.
sr. member
Activity: 1036
Merit: 311
incorporating finger print into hardware wallet will be the worst innovation, if Dorsey should finally implement this my candid advice is for Bitcoin user to avoid such wallets because hackers might start working on softwares that can register and save fingerprints that has been captured once and Bitcoin investors will no longer be safe because many might face the risk of finger amputation using a well advance technology to preserve the finger from decay or deterioration
full member
Activity: 1092
Merit: 227
Well if we are talking about the upgradation then why don’t they think about the Retina scans for that matter. If skin looses the elasticity over the age then eyes don’t. They stay as it is until your last breath. Just hope that your eye does not fall off with the time. Lolz.
I think what we have currently is way more than enough as security. May be they can add 2FA by connecting with Google Authenticator or add SIM slot so that it can turn into private network mode and receive the OTP for verification. This way no one has to worry about fingerprints or retina scans.

What say? Cheesy
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
I posted in another thread about this, but beyond the good and bad of the fingerprint, they probably want you to use their app & software so they can track you better.

https://bitcointalksearch.org/topic/m.59307599

This is how integrated block / cashapp is within their ecosystem. Do you want to give them knowledge of your BTC spending habits?

-Dave
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
for example...the sensor on the wallet broke or lost the wallet

This made me think on something funny worrisome, although not related to the fingerprint scanner: since it will not have any screen at all, how would somebody get to backup (and restore from) the seed safely offline?!
Quite an odd design, no matter how kind I want to be towards this project. Indeed, I don't see why one would buy this.
full member
Activity: 1092
Merit: 105
Sugars.zone | DatingFi - Earn for Posting
I do not think that many will run to buy this wallet with a fingerprint, because there are many factors that can affect the owner of the wallet independent of him, for example...the sensor on the wallet broke or lost the wallet, it was synchronized with the fingerprint, so far there are more questions.
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
I’m pretty positive that they’ll use the fingerprint scanner as the default primary security access method, as it is impossible to conceive there being no fall-back method.

Their march edition update status points in this direction, although nothing is a done deal yet:
Quote
As we build the product, we'll evaluate additional access methods that customers could opt into.

One additional thing to consider, and here others will be able to chip in with better contextual knowledge, is whether the authorities can or cannot ask you to unblock the device using biometrics (likely state and/or country related).

I read this article for example, stating that opening a device protected by biometrics could not be demanded under certain circumstances, whilst (see this other one) stated the opposite, and seemed to represent the more generalized stand in the US (as opposed to pins and passwords, which could not be demanded).

See also:
https://medium.com/@GadgetHax/how-to-keep-law-enforcement-out-of-your-face-id-touch-id-devices-92f66299387
newbie
Activity: 3
Merit: 0
Actually, I don't think finger prints are safe to control hard ware wallets despite the fact that it's a good idea. Am afraid it may not be necessary
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
Yes there are many security related issues which could be used against the person and turned out to be more dangerous by providing such fingerprint security sensors.

Therefore, it is not clear to me why anyone is thinking in that direction at all, because the negative aspects of biometric methods are, in my opinion, much greater than any benefits.

As i have mentioned in the @OP also like there are some diseases in which person lost his skin tissue and it becomes impossible for them to recover it overtime which means he cannot access his funds so how could it help them?

This could be avoided by adding a PIN to the fingerprint, as is the case on smartphones where in case you fail to unlock the fingerprint device for some reason, you get the option to do so with the PIN you previously set. It often happens to me that I can’t unlock my smartphone with a fingerprint located under the screen (often after washing my hands), but a PIN is always there as an alternative.

Seed phrases are more conventional way of storing the funds as you can have it's backup on steel washers and in many other ways but if you're hardware wallet owner with these sensors life is at stake as you just need one click to unlock the funds so it's not much of good thing to do.

If someone thinks this would give more security, maybe the seed could be combined with a fingerprint, so in case someone steals the seed he has some extra security with biometric data - something like a biometric passphrase - although I don't know how technically feasible.
legendary
Activity: 1974
Merit: 2124
I think that devices like hardware wallets should avoid such methods because such a method is simply not safe and can be misused in various ways. Whether someone comes into possession of your fingerprint and makes an identical copy, or someone forces you to unlock the device that way - all the way to someone doing it while you sleep or you are not fully conscious.

When it comes to replacing a seed with a fingerprint, then it is an even greater nonsense and security threat. I personally would never use such a device, and I believe many others think so too.
Yes there are many security related issues which could be used against the person and turned out to be more dangerous by providing such fingerprint security sensors.As i have mentioned in the @OP also like there are some diseases in which person lost his skin tissue and it becomes impossible for them to recover it overtime which means he cannot access his funds so how could it help them?

Seed phrases are more conventional way of storing the funds as you can have it's backup on steel washers and in many other ways but if you're hardware wallet owner with these sensors life is at stake as you just need one click to unlock the funds so it's not much of good thing to do.

The non-recognition problem that occasionally occurs in security using Fingerprint I have and often experience. That's because the fingerprints are covered by dirt so they can't be read properly. and it will also not work when a fingerprint is damaged, so need to be re-verify.
A fingerprint is currently only security that is paired with several other easier optional security such as Patterns and Numbers.
Maybe security will also be added using 3D Face Recognition LOL.
Nothing will be safe when we make mistakes or negligence as device users.
Sometimes the software the company has installed in the devices to recognise the fingerprint sensor become unresponsive and you can't unlock your device.The other reasons you have mentioned like dirt, sweat and some stickyness on the skin could be resolved easily but some major issues such as skin damage is unresolved.The fingerprints tends to remain the same but they could lose the elasticity if you are involved in some kind of labour work with chemicals involved so how come you solve these issues? The 3D face recognition technology is advanced and we don't know how will they implement it properly as it could also be broken in extreme cases according to me.

legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
They also mention the need to hook it up to their new App, but I haven’t seen a reference to it being hookable to other frontends, and bearing in mind that it won’t have a screen, there is that concept of verifying TXs on the device, that you do on most current hardware wallets, that won’t be doable on its own. This feature is one of the ones that builds to the security checks one performs, so I’m not sure how they plan on tacking that.

My first reaction was "this is crap, this is no longer a hardware wallet". (I've said it nicer: "I fear that this HW is designed more for hype than security...")

But at a second thought... I see a paradigm shift towards increased convenience and decrease of security. And it can be OK for somewhats safekeeping non-life-changing amounts of money from internet hackers.
And it may open the need for a new classification of hardware wallets. Because:
* some can transfer data even without cable or NFC (eg with SD card); PIN; screen for viewing tx; open source; Let's say that's security 9+ (although the one I know may be lower security because it can be also used with cable)
* some have cable; PIN; screen for viewing tx; open source or not; secure elements or not; Let's say security 6-8?
* some have NFC; PIN; screen.. maybe security 4-5?
* this one has NFC, no screen for verification; tx seen on online app? security maybe 2-3?

(I know that the security scale is far from best and far from accurate, it's just some sort of idea).


The point is: is this "hardware" wallet safer than using only a software wallet alone? Probably (depending though on how their wallet will look like).
It's clearly not what I expected from the new hardware wallet to come, I will most probably not advise people buy it, still.. well.. it can be somehow seen as a hardware wallet.
legendary
Activity: 1064
Merit: 1298
Lightning network is good with small amount of BTC
It is now coming to a time someone can be sleeping and another person can just careful hold his finger to unlock his hardware wallet, or should we call it a time coming when robbers can know more about hardware wallet that uses fingerprint, all needed is the person's finger to unlock the wallet. Or maybe other security features will be included that will make these types of things not to happen, but I doubt that. I can never use such a wallet, I will always prefer the ones that only uses password and pin.
sr. member
Activity: 287
Merit: 368
"Stop using proprietary software."
I don't think the fingerprint sensors will be a "key" to control the hardware wallet, probably it's only for second verification that can be enabled or not and can be reset. So, you're still need to input your seed phrases in order to control your wallet. IMO biometric verification isn't a safe and it's something can trigger our identity, if the sensors can know which fingerprint is the owner, someone might know who I'm if I leave a trace of my fingerprint on somewhere.

2FA is enough and better, make sure it's installed (e.g. Authy) on different device.

I was blown to see they are including biometrics on a hardware wallet. If they are, I have strong doubts that this will be the only way to verify. For example, you will not be able to sign a transaction with your fingerprint alone; the verification process would likely include a PIN of some sort.

Like you, I agree having biometrics would not be a very safe way to secure a wallet. Especially when you consider our favorite $5 attacks.
hero member
Activity: 952
Merit: 555
Accessing wallets through fingerprint is a good idea but some certain factors have to be in considerations, first in my opinion is the category of the type of wallet that can support fingerprint, where we have hot wallet recommendable to this such as mobile wallets which have their private keys stored online.

The second consideration is the devise in use and cold storage wallet cannot be consider for fingerprint because it security measure  is high and mostly are desktop wallets which keys are stored on a paper and it usage for fingerprint can not be suitable as in hot wallet
legendary
Activity: 2716
Merit: 1855
Rollbit.com | #1 Solana Casino
-snip-
The fact that using current day devices, with finger print scanners of all sorts (security lock, smartphones, laptops, etc.), render non-recognition issues every now and then (I’ve had recurrent problems with the said devices), certainly goes to show that, leaving aside all good points such as those mentioned in the OP, it cannot be the sole access method, but a complementary one at best.
-snip-
The non-recognition problem that occasionally occurs in security using Fingerprint I have and often experience. That's because the fingerprints are covered by dirt so they can't be read properly. and it will also not work when a fingerprint is damaged, so need to be re-verify.
A fingerprint is currently only security that is paired with several other easier optional security such as Patterns and Numbers.
Maybe security will also be added using 3D Face Recognition LOL.
Nothing will be safe when we make mistakes or negligence as device users.
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
Dorsey seems to like finger print scanners as part of the solution to secure devices, since around the time the iPhone 5s came out with its first Touch ID implementation.

The fact that using current day devices, with finger print scanners of all sorts (security lock, smartphones, laptops, etc.), render non-recognition issues every now and then (I’ve had recurrent problems with the said devices), certainly goes to show that, leaving aside all good points such as those mentioned in the OP, it cannot be the sole access method, but a complementary one at best.

The battery that is going to be required on the device is another potential point of failure (as we’ve seen with one of its competitors, even though I figure they’ve got that on their mind and plan a (way) better build.

They also mention the need to hook it up to their new App, but I haven’t seen a reference to it being hookable to other frontends, and bearing in mind that it won’t have a screen, there is that concept of verifying TXs on the device, that you do on most current hardware wallets, that won’t be doable on its own. This feature is one of the ones that builds to the security checks one performs, so I’m not sure how they plan on tacking that.
donator
Activity: 4760
Merit: 4323
Leading Crypto Sports Betting & Casino Platform
I'm glad that they're making an effort to help the community, but it seems like they're doing it to pat themselves on the back more than anything else.  They keep talking about how great the process is going to be to build this thing, but I'm unsure if people really want to own a hardware wallet in the first place.  Sure, maybe for cold storage if they aren't using an intermediary already, but with most people using their phones for purposes like this, I don't think this will be some game changer for crypto.  When your product can be replaced by a piece of paper, you have to wonder how groundbreaking it really is.  I doubt most people will have a need for this, but it's still cool.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
I think that devices like hardware wallets should avoid such methods because such a method is simply not safe and can be misused in various ways. Whether someone comes into possession of your fingerprint and makes an identical copy, or someone forces you to unlock the device that way - all the way to someone doing it while you sleep or you are not fully conscious.

When it comes to replacing a seed with a fingerprint, then it is an even greater nonsense and security threat. I personally would never use such a device, and I believe many others think so too.
hero member
Activity: 1064
Merit: 843
I don't think the fingerprint sensors will be a "key" to control the hardware wallet, probably it's only for second verification that can be enabled or not and can be reset. So, you're still need to input your seed phrases in order to control your wallet. IMO biometric verification isn't a safe and it's something can trigger our identity, if the sensors can know which fingerprint is the owner, someone might know who I'm if I leave a trace of my fingerprint on somewhere.

2FA is enough and better, make sure it's installed (e.g. Authy) on different device.
legendary
Activity: 1974
Merit: 2124
So we all know about Jack Dorsey who is the ex CEO of Twitter and his company Square who is bitcoin enthusiast also and have promoted the usage of bitcoin very well.He has came forward in its support like at the Bitcoin event challenging Musk to come and discuss about btc or running a node to implementing bitcoin tip system on twitter to boost the adoption and spread awareness about bitcoin.

But now his company Block has came up with the idea of implementing fingerprint sensors in hardware wallets for the security rather than having the seed phrase which is by the way key to your funds.

Quote
“We believe PINs, passwords, and seed phrases are confusing and often not secure given the workarounds normal people have to create given all the friction,” the company said in a Friday statement. “Instead, to achieve seamless authentication in practice, we plan to incorporate a fingerprint sensor into the wallet hardware.”

Source: Dorsey wants to implement fingerprint sensors in hardware wallets

This is somewhat modern approach and have it's own safety protocols but having the seed phrases in traditional manner is also good and feasible option according to me as there are also limitations to these sensors which cannot be ignored like :

1) What if during an accident there is loss and we can't access our hardware wallets? The seed can be entered securely under these circumstances

2) After your demise how can your family members restore your wallets because you can share the seed phrases but not your finger print sensors

3) The life also becomes risky if someone came to know about your bitcoin funds in hardware wallets and they can access your funds with one click of your thumb

Certain disadvantages of these biometric recognitions :

Quote
Although fingerprints do not change with age, it can be more difficult to capture them in older people. This is because the skin loses elasticity with age, and the patterns become less prominent, especially due to the thickening of ridges and furrows.

Quote
Adermatoglyphia is a sporadic genetic disorder that causes a person to have no fingerprints. People with this disorder have completely smooth fingertips, palms, toes, and soles.

Quote
Certain skin diseases destroy the dermis and epidermis of the skin. Consequently, it becomes challenging for fingerprint recognition systems to recognize the prints of these individuals.

The thing is I am not against the technical upgradation related to security but thinks that some things if done in traditional manner are more effective.Although they have said to elude the tradeoffs but still there are some caches remaining as technology can be used against us also if not taken proper care of.The funds could be at stake but these are all assumptions which might not happen.

There was past thread about this also on the B&H section and many members were also against this so thought of sharing it with you all and ask about your options here.

They have also asked for suggestions so what are your thoughts about this one?
Jump to: