A website or program or whatever would have to be pretty damn important for me to use my fingerprint to access.
Nowadays, laptop, smart phones, tablets and some other stuffs have options to setup and use Finger Prints to access. Personally, I have never used this option, that is terrible in my opinion. At the first glance, it looks like bring more security, but in worst case, we might get big troubles with such security option. Who knows when the Finger Print Features on our devices get troubles, then we might have to spend a lot of time to solve it. I don't like that sort of Finger Print Trap. 
Topic: Login in the forum using your Finger Print (Read 775 times)
Selling your fingerprint data for convenience, though... hm...
Yep, nope, not happening for me. It's great that technology has advanced this far, but we're rapidly getting into 1984 territory here. A website or program or whatever would have to be pretty damn important for me to use my fingerprint to access. If bitcointalk were to require something like that, sorry to say but I'd be outta here. As far as 2FA and all that happy horseshit, ask Binance how that protected them from hacks and how paranoid their customers are right now. I understand the difference between personal security and a website's security (more or less), but some of these measures are just overkill. Fingerprint/retinal scans/facial recognition tech should be reserved for people who can launch nuclear missiles...not for a freakin' discussion forum.
I really dont like the idea. Imagine someone getting access to the database with 100.000s of fingerprints.
This forum is against KYC, except during April fools day, and this suggestion is even more invasive.
You can learn a lot from the comments below and above your post, they keep on explaining that your fingerprints doesn't send to anyone which makes this topic more possible if ever the technology becomes high-tech. Though I also doubt that this can happen in just a year or even 5 years from now but the future will be more good for sure.This forum is against KYC, except during April fools day, and this suggestion is even more invasive.
See this one with a great explanation about your concern.
Most users are posting the same cons against this without knowing how the technology works.
As I said, the fingerprint is not sent anywhere. And the username or email must be entered too.
Simplifying things: you can think of your fingerprint as the password that encrypts the private key used to sign a message. Only the public key (during registration) and the signed message (during logging in) is sent to the server along with the username or email. The private key and fingerprint is not sent, the same as your wallet password and address private keys are never sent anywhere.
Do check this site if you're interested (and do read it before posting here): https://webauthn.io/
As I said, the fingerprint is not sent anywhere. And the username or email must be entered too.
Simplifying things: you can think of your fingerprint as the password that encrypts the private key used to sign a message. Only the public key (during registration) and the signed message (during logging in) is sent to the server along with the username or email. The private key and fingerprint is not sent, the same as your wallet password and address private keys are never sent anywhere.
Do check this site if you're interested (and do read it before posting here): https://webauthn.io/
I wouldn't be opposed to the option (however, I see it as extremely unnecessary), but as a requirement I think it is completely contradictory to what Bitcoin stands for. I enjoy having my anonymity on this forum.
Just make a tough password that no one is going to bruteforce and you should be okay.
Just make a tough password that no one is going to bruteforce and you should be okay.
Biometrics =/= password. Biometrics are more of an username, but the industry developed this backwards standard that will work out just fine one day in the future. I'm certain.
I agree. But I was assuming the password on his shared windows 2000 computer is "god". And that his hotel wifi connection mysteriously requires installing screen share software. In that case it only marginally reduces security. however I think it lowers your security somewhat.
Any proper security expert will tell you that it lowers your security significantly. Use it only on your phone if you really have to as that device gets unlocked the most number of times per day. Do not use it for anything else, never ever.
Biometrics =/= password. Biometrics are more of an username, but the industry developed this backwards standard that will work out just fine one day in the future. I'm certain.
I agree. But I was assuming the password on his shared windows 2000 computer is "god". And that his hotel wifi connection mysteriously requires installing screen share software. In that case it only marginally reduces security. however I think it lowers your security somewhat.
Any proper security expert will tell you that it lowers your security significantly. Use it only on your phone if you really have to as that device gets unlocked the most number of times per day. Do not use it for anything else, never ever.
Biometrics =/= password. Biometrics are more of an username, but the industry developed this backwards standard that will work out just fine one day in the future. I'm certain.
however I think it lowers your security somewhat.
Any proper security expert will tell you that it lowers your security significantly. Use it only on your phone if you really have to as that device gets unlocked the most number of times per day. Do not use it for anything else, never ever.
There is a way in Linux anyway. You can select password protected sites and launch a print reader. however I think it lowers your security somewhat. I was able to defeat my fingerprint reader with a pencil, a bit of white paper, and a some clear tape. If you think in terms of theory a fingerprint password means you leave a copy of your private keys on everything you touch.
I really dont like the idea. Imagine someone getting access to the database with 100.000s of fingerprints.
This forum is against KYC, except during April fools day, and this suggestion is even more invasive.
This forum is against KYC, except during April fools day, and this suggestion is even more invasive.
Although I agree with the idea being silly on a Bitcoin forum the idea of our fingerprints being sensitive is also a silly one. You leave your fingerprints all over where you go on a daily basis. Yet you are not worried about it are you? Its an extreme example but there has already been examples of those with Bitcoin being targeted for their fingerprints. Using your fingerprint for anything is a stupid way to access anything and only belongs in james bond movies and teenagers phones.
I totally agree. I am sure it is possible to lift someone's fingerprint and create some kind of prosthesis with a 3D printer. Although fingerprints have an advantage since they are unique to each individual, (even identical twins have different fingerprints,) I don't think it is feasible to start expecting people to wear gloves everywhere they go as a way to keep their fingerprints "secure." Using a fingerprint as a way to access accounts is about as secure as writing your password on a sticky and sticking it on your computer monitor.
A website relying on third party devices to transmit fingerprint data is not going to work. However verifying fingerprint information locally will be much more secure.
As an FYI, it is not trivial to replicate a fingerprint so that it reasonably appears the same on a fingerprint scanner. What is much easier is transmitting the data from a fingerprint scanner showing the fingerprint is the same.
This is already possible if you have an iPhone.
All you have to do is login to the forum using your password from your phone, and tell your iPhone to save your password. Your password will be saved to your keychain and when you access the login screen in the future, you will be prompted to use your saved password, and if you want to, you will be prompted to use your touch id to access your saved passwords in your keychain.
And in this case you can use the fingerprint safely, because when you use the touch ID, your fingerprints won't leave the iphone, it will just check them to give access to the password manager (at least, this is the Apple communication All you have to do is login to the forum using your password from your phone, and tell your iPhone to save your password. Your password will be saved to your keychain and when you access the login screen in the future, you will be prompted to use your saved password, and if you want to, you will be prompted to use your touch id to access your saved passwords in your keychain.
) So they won't let any 3rd party app access the digital version of the fingerprint stored on the device (only the 3 letter government agencies )Also you leave your fingerprints ~everywhere, and the government could trivially get them by just following you around a little bit.
One thing would stop is fingerprint technology would be used that account sales would stop. It should only be used as an identifier and not password as last month only somebody was able to trick Samsung's device by inserting a fake password and he managed to unlock the device everytime without having to use his own fingerprint. Fingerprints can't be changed by the hacker but but can be copied. For exchanges, this could be useful too.
Even 2FA has not been high in to-do list of theymos, so I believe it is time to lock the topic. Fingerprint is too far from current prioritized things in theymos' to-do list. He likely has never had such idea on fingerprint, but something might pop up next April Fool.
That wouldn't eliminate the need for manual recoveries; it might even increase it as people lose their second factor. 2FA would be nice, but IMO the email notifications provide many of the same benefits, so it's not high on my to-do list.
I'm just wondering if its possible to have this kind of system where you just need to scan your finger print and you will be login directly to your account.
I'm talking about this one using our mobile phones since most of the phone now have their own finger print technology, and i usually used my phone to work on this forum. Any violent reactions or any clarification are really appreciated. Thank you.
I'm talking about this one using our mobile phones since most of the phone now have their own finger print technology, and i usually used my phone to work on this forum. Any violent reactions or any clarification are really appreciated. Thank you.
This is only possible if someone is making an app version of the forum. I dont think its a burden if you are loging in using your username, password and reCaptcha everytime you want to visit the forum but getting an app will be much better. Also, your browser has its own history so you can log in without retyping. Dont be that lazy its a part of the job.
I don't think it's even necessary, you just login once and save details your browser will take care of it, if you worried about security then you can use fingerprint as lock.
Most users are posting the same cons against this without knowing how the technology works.
As I said, the fingerprint is not sent anywhere. And the username or email must be entered too.
Simplifying things: you can think of your fingerprint as the password that encrypts the private key used to sign a message. Only the public key (during registration) and the signed message (during logging in) is sent to the server along with the username or email. The private key and fingerprint is not sent, the same as your wallet password and address private keys are never sent anywhere.
Do check this site if you're interested (and do read it before posting here): https://webauthn.io/
As I said, the fingerprint is not sent anywhere. And the username or email must be entered too.
Simplifying things: you can think of your fingerprint as the password that encrypts the private key used to sign a message. Only the public key (during registration) and the signed message (during logging in) is sent to the server along with the username or email. The private key and fingerprint is not sent, the same as your wallet password and address private keys are never sent anywhere.
Do check this site if you're interested (and do read it before posting here): https://webauthn.io/
Although I agree with the idea being silly on a Bitcoin forum the idea of our fingerprints being sensitive is also a silly one. You leave your fingerprints all over where you go on a daily basis. Yet you are not worried about it are you? Its an extreme example but there has already been examples of those with Bitcoin being targeted for their fingerprints. Using your fingerprint for anything is a stupid way to access anything and only belongs in james bond movies and teenagers phones.
I totally agree. I am sure it is possible to lift someone's fingerprint and create some kind of prosthesis with a 3D printer. Although fingerprints have an advantage since they are unique to each individual, (even identical twins have different fingerprints,) I don't think it is feasible to start expecting people to wear gloves everywhere they go as a way to keep their fingerprints "secure." Using a fingerprint as a way to access accounts is about as secure as writing your password on a sticky and sticking it on your computer monitor.
This is already possible if you have an iPhone.
All you have to do is login to the forum using your password from your phone, and tell your iPhone to save your password. Your password will be saved to your keychain and when you access the login screen in the future, you will be prompted to use your saved password, and if you want to, you will be prompted to use your touch id to access your saved passwords in your keychain.
And in this case you can use the fingerprint safely, because when you use the touch ID, your fingerprints won't leave the iphone, it will just check them to give access to the password manager (at least, this is the Apple communication All you have to do is login to the forum using your password from your phone, and tell your iPhone to save your password. Your password will be saved to your keychain and when you access the login screen in the future, you will be prompted to use your saved password, and if you want to, you will be prompted to use your touch id to access your saved passwords in your keychain.
) So they won't let any 3rd party app access the digital version of the fingerprint stored on the device (only the 3 letter government agencies )
Even if such feature were to be implemented, I would not do it for the sake of convenience. I am not willing to sacrifice personal data for convenience. No matter how secure a network can be, it is still prone to malicious hacks and malware that can be accesses by anyone.
Imagine if the forum were to be hacked and they get a hold of each of every member's fingerprint.
Imagine if the forum were to be hacked and they get a hold of each of every member's fingerprint.
I'm just wondering if its possible to have this kind of system where you just need to scan your finger print and you will be login directly to your account.
The idea seems nice but the vulnerability involve is high and I think having a personal code or the implementation of google auth is still better.I'm talking about this one using our mobile phones since most of the phone now have their own finger print technology, and i usually used my phone to work on this forum. Any violent reactions or any clarification are really appreciated. Thank you.
I'm just wondering if its possible to have this kind of system where you just need to scan your finger print and you will be login directly to your account.
I'm talking about this one using our mobile phones since most of the phone now have their own finger print technology, and i usually used my phone to work on this forum. Any violent reactions or any clarification are really appreciated. Thank you.
I'm talking about this one using our mobile phones since most of the phone now have their own finger print technology, and i usually used my phone to work on this forum. Any violent reactions or any clarification are really appreciated. Thank you.
Why would you want to give such private information away ? What is wrong with signing in with a complex password and 2FA for security ?
Do you really want a scan of your fingerprint circulating on the internet ?
Bitcointalk has been hacked three times already https://bitcointalksearch.org/topic/bitcointalk-history-of-hacks-and-vandalism-4405796
There have been 6 major exchange hacks already in 2019. Anything crypto is a target for hackers.
Besides - someone can easily replicate your fingerprint or intercept the data containing the digital version of your fingerprint.
Jump to: