"biometrics" Topic

How effective are biometric security protocols?

link

They must be pretty good, I can't get the link to open. :(

nothing is foolproof
YouTube link

You get what you pay for.

Based on my lack of experience and dearth of knowledge with the technology, I expect that the cheap ones are easily fooled if they work at all and the stuff that companies pay big bucks for are probably pretty tight. The stuff the government pays big bucks for is anybody's guess.

"And significantly, the Apple fingerprint is stored only on the device, so there is no database to be hacked."

Uhuh. Sure it is. Sure there isn't.

My fingerprints are in a database somewhere. That means they can be sold and/or duplicated and used….

There are lots of reasons in the US to be fingerprinted
and none of them have anything to do with being booked
on suspicion of a crime.

Serve in the Armed Forces – get anyone of a hundred
different kinds of civilian jobs in government service –
obtain a concealed carry permit – get a PI license

The list, while not quite endless, is very long and
Great War Ace is correct – there's a bunch of databases
out there with the fingerprints…

How effective are biometric security protocols?

That is a bit broad and subjective question, quite like "How good is Scotch?".

That said, some basics. Any security can be hacked (that is, put to the unintended use of granting unauthorized access). Most of the degree of security you get from biometric security systems comes from two sources: (1) the encoding algorithms (which have nothing to do with the biometrics themselves; they would provide the same security using something other than biometric data as a key), and (2) the high volume of compact and relatively easy to control and access data that biometrics provide as a key.

So, think of your fingerprint (basic biometric data) as a really long password that your fingers don't forget. Unless you have some type of hobby where you are continually painting, gluing, cutting, sanding and otherwise mauling the tips of your fingers. :) A reasonably good scanner can get a much longer "password" than you can possibly remember, which makes it much more secure in several (but not all) ways.

Standardization is the enemy of security. Standardization in info tech provides ubiquity, ease of use, and economies of scale. It also makes hacking easier. Much easier. WRT the db of fingerprints (mine are in several), if you scan or digitize the image of the prints differently, you generate wildly different data. This is one of the great challenges in fingerprint matching across databases that requires custom solutions. But it also means if you lock your iPhone with your fingerprint, someone would have to go to a lot of trouble to make DoD fingerprint data on you usable to hack it (there are much easier ways) and that same hack wouldn't work to unlock your Droid using the "same" fingerprints.

The real controlling factors are: (1) what resources does your likely threat have, (2) how much effort does your security require to hack, and (3) what is the value of the data to be gained to that threat. An in-depth security analysis will decompose those issues into a lot of detail (based on specifics) and possibly add a few other lower-impact issues, but it will pretty much be based on that.

Getting back to the OP's article, the most secure thing about a iPhone is the small market share and low value (relative to the effort to hack) of the data protected in them. Basically, iPhones (and their biometrics) are a hobby (I hack for fun) or status (I hack to self actualize in public) hacking market.

Well the UK Home Office has some faith in them. All immigrants under one of the 5 Tiers (Tier 4 is students) are required to submit biometric data and carry a BID (biometric immigration document)