• YearOfTheCommieDesktop [they/them]@hexbear.net
    link
    fedilink
    English
    arrow-up
    9
    ·
    edit-2
    1 year ago

    to be fair the way most fingerprint scanners are implemented it isn’t possible to extract the actual fingerprint (that I know of). but with a malicious device I guess they probably could procure a different type of scanner

    Agreed tho I will stick with a master password I know and a hardware token that I have, probably until I die, unless something way better comes out that doesn’t allow legal compulsion

    • SILLY BEAN@lemmygrad.ml
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 year ago

      that true, and i guess it is worth mentioning that many physical passkeys use fingerprint scanners. the only difference is that your fingerprint never gets send on the internet at all

      • YearOfTheCommieDesktop [they/them]@hexbear.net
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 year ago

        yeah, once you get into identifying users across devices with fingerprints I get way more skeptical. But local-to-device fingerprint scanners usually just generate and match identifying material internally, if anything goes to the host OS it’s just like, a hash or something, iirc.