No, your fingerprint is not a secure password


Just put your finger on the home button of your phone and you can not only unlock the phone itself but also all kinds of apps. Including banking apps and apps such as LastPass. Well isn’t that just swell!? So convenient. Now you don’t have to remember all those pesky passwords anymore. Think again. Using your fingerprint to access sensitive data is a very dangerous trend which you might not want to follow.


They’re everywhere

Unless we spend our lives gloved, we constantly put our mark on everything we touch. This means that every place you’ve been is covered with your fingerprints. Now imagine that you write your favorite password on everything you touch. Seems like a bad idea, doesn’t it? Passwords are supposed to be secret, that’s why they (sort of) work. A fingerprint is anything but secret; it’s always on display.


What can they do with your print?

Someone having access to your fingerprints is not as innocent as it seems. This was proven by the gentlemen of Mythbusters. They “stole” the fingerprint of one of their colleagues and tried several techniques to fool the technology the victim guards with his print. All of them worked, including a piece of paper with a photocopy of the print.

Even better/worse: a hacker known as Starbug managed to steal the fingerprint of German defense minister Ursula von der Leyen from a photo he took himself at a distance of three meters, combined with a photo from a press release. No physical contact or even access to her actual print was necessary.


Unchangeable

There is a fair chance that you were hacked at some point in your life. Maybe you were notified of it, or you might not have noticed if it was an account you don’t care about much. Unfortunately, security breaches happen, and the first thing you’re asked to do when they happen is to change your password. Good luck changing your fingerprints. You’re stuck with them for the rest of your life. This means that once someone has got a hold of your print, or any other biometrics, they will be able to access everything you “protect” using it, forever.


If not a print, then what?

Alright, fingerprints are not an option if you want to securely protect any kind of data. Is the password really the best option? For now, at least, yes. Passwords are your best option. For one, a password is locked inside your brain, where it’s hard to access without your knowing consent. Even if someone gets a hold of your password, you can just change it.

Do you have doubts about the strength of your password? Is it as secure as it can be? Probably not. Let me help you along a little bit. As this comic explains, we’ve all been using passwords that are hard to remember but easy for computers to guess. It argues that you’d be much better protected by choosing three random words, linking them together in your brain somehow and using that as a password.

Another point of view is offered by hacker Kurt Muhl. He urges us to choose a whole sentence such as “I bought my house for $1” and take the initial of each word, which leaves you with Ibmhf$1. According to Muhl, this is a strong password thanks to its uppercase and lowercase letters, number, and special character. This password would also be immune to attacks through dictionary lists. These are enormous files that hackers share amongst each other, containing words, numbers, phrases and common passwords. They are fed into a system that automatically tries out all of the possibilities until it finds a match.


Safe, safer, safest?

A password is safe, a good password is safer but what is the safest option out there? At the moment this seems to be two-factor authentication. Two-factor authentication means that a certain account requires more than one piece of evidence before access is granted. This often means a password and a code that is sent to your phone or that you can access through an app. Other options are a USB stick that needs to be presented or scanning a QR-code on your computer screen using your mobile phone as can be seen in this video.

However, there is currently no one method that is 100% secure. Companies often use a combination of methods and keep constant tabs on their cybersecurity to make sure there are no leaks. The big mistake many make is to think that because there’s no way to completely protect oneself from hacking, there is no point in even trying. Of course, we should do all we can to make it as hard as possible for people with malicious intent.


Why do we care so much?

You might very well be wondering why a company that makes software to electronically sign documents cares so much about your data. The answer to this question is simple: because people send sensitive data through our system every minute of every day, cyber security is our number one priority. We take all possible measures to secure our end of things; all we can do beyond that is educate you on how to take care of yours.

Do you want to know more about the security measures we take to protect the data of all our users? Read more about it here. To activate your two-factor account with SignRequest have a look here.


