Biometric BTC wallet?

[bartekjagoda]

Is there any biometric wallet (i am not talking about simple FaceID or TouchID login usage) for crypto wallets?

I have been looking but not found any good solutions.

Anyone?

[AB de Royse777]

Not sure. But the concept is nice :-D

Imagine a wallet that will ask to scan your retina before broadcasting a transaction :-P

Now, wouldn't it be easier to steal your coins? One only need your retina to rob your coins /s

[Rath_]

Do you mean generating and backing up a wallet using, for example, a single fingerprint? There are no such wallets and they would be extremely insecure anyway. It would be fairly easy to force you to restore your wallet.

Imagine a wallet that will ask to scan your retina before broadcasting a transaction :-P

Samsung Galaxy S8 and S9 have a retina scanner. Blockstream Green Wallet supports such a way of unlocking a wallet.

[NeuroticFish]

I've read on reddit that Mycelium should have fingerprint support on iOS.
And on Android.. well.. a later post there makes sense: the device is already encrypted - whether with your passphrase or fingerprint or whatever...

[HCP]

Now, wouldn't it be easier to steal your coins? One only need your retina to rob your coins /s

Talk about getting robbed "blind"!

[bartekjagoda]

I've read on reddit that Mycelium should have fingerprint support on iOS.
And on Android.. well.. a later post there makes sense: the device is already encrypted - whether with your passphrase or fingerprint or whatever...

Well, you cannot read info from the IOS or Android touchID of faceID as the system blocks you from accessing the data... You can only get a confirmation that
the finger is used to unlock the phone, but would not be able to generate the code on the fly

[AB de Royse777]

Talk about getting robbed "blind"!

Exactly :-P

It would be fairly easy to force you to restore your wallet.

All jokes aside, this was the whole point.

[bartekjagoda]

It would be fairly easy to force you to restore your wallet.

All jokes aside, this was the whole point.

What if you salt it with other data, it would not be that easy.

The question remains, no solution on the market?

[jackg]

I imagine retinal scanning is bad for long term storage (does it use blood vessel arrangements)?

I wouldn't mine my private keys being generated by dna, but that'd have to come from blood for it to be fairly accurate...

Finger prints and faceid aren't very good and neither are pins for security reasons... I don't know if scanning every finger ever becomes possible then that would be well secured but the issue with biometric scanning is that your data probably won't be encrypted as it can't encrypt them if it's using a pattern matching algorithm.

[bitmover]

The way blockchain is designed, what matters is only the private key.

A retina or finger print or whatever would just be a second layer of security, which wouldn't do much if the stealer has the private keys.

[o_e_l_e_o]

I imagine retinal scanning is bad for long term storage (does it use blood vessel arrangements)?

Correct, and there are various pathological process which can either alter your retinal vasculature, or prevent the machine from properly scanning your retinas.

I wouldn't mine my private keys being generated by dna, but that'd have to come from blood for it to be fairly accurate.

DNA can be accurately sequenced from pretty much any cell, which is why using it is a bad idea. We all shed hair and skin cells constantly. An attacker would only need to take a swab from something relatively clean that you've recently touched (like a disposable coffee cup or food wrapper) to have a fairly high chance of being able to sequence your DNA.

Face and iris scanning have been spoofed with pictures before. Fingerprints can be lifted from anything you've touched.

Biometrics really aren't all that secure.

[bones261]

Biometrics really aren't all that secure.

That's because Biometrics supposed to offer convenience and it's only secure against non-physical attack.

   It depends on the Biometric used. Fingerprints are not that secure because a person leaves those everywhere. I'm sure someone can lift a fingerprint and create something that can fool a scanner. DNA is really not that secure either, since a person leaves traces of their DNA everywhere they go. Facial recognition is not secure either, since someone can easily capture your image, and use that to fool a scanner. I suppose a retinal scan can be pretty secure. It is somewhat difficult for a person to get a copy of that. It's not impossible though.
   Naturally, as you imply, all biometric security is overridden by the five dollar wrench attack. Since a person only has one set of biometrics, they can't even set up a dummy wallet, effectively. I suppose someone could use a different finger/thumb print to set up ten wallets. However, a smart criminal will simply have you try all ten fingerprints.

[Rath_]

I suppose retinal scan can be pretty secure. It is somewhat difficult for a person to get a copy of that.

Well, even a retina scanner can be easily fooled if you take a photo of a victim with a proper camera (infrared night vision setting needs to be turned on). That's how Samsung security can be bypassed.

[bones261]

I suppose retinal scan can be pretty secure. It is somewhat difficult for a person to get a copy of that.

Well, even a retina scanner can be easily fooled if you take a photo of a victim with a proper camera (infrared night vision setting needs to be turned on). That's how Samsung security can be bypassed.

Thank for pointing that out. Therefore, I would not use a BTC wallet that is secured by biometrics. I do not plan on wearing some kind of suit and mask that prevents my biometric data from being copied.

[Pmalek]

I would never use a fingerprint as a way to secure my crypto holdings.
The quality of your print can change as years go by. A close family member of mine had difficulties getting a new ID because more than 80% of the quality of the fingerprint was lost. He works with hot water which is probably the reason his prints are almost gone. Securing your assets that way could mean trouble someway down the road.

[dkbit98]

I would never use a fingerprint as a way to secure my crypto holdings.
The quality of your print can change as years go by. A close family member of mine had difficulties getting a new ID because more than 80% of the quality of the fingerprint was lost. He works with hot water which is probably the reason his prints are almost gone. Securing your assets that way could mean trouble someway down the road.

It is very easy to duplicate fingerprint in gelatin or some similar material and make a 'backup'
but then again same can be used by hackers, so I also don't think fingerprint alone is bets for securing crypto wallet.

Please read this article of data leak that exposed biometrics of over 1 million people!
https://www.technologyreview.com/f/614163/data-leak-exposes-unchangeable-biometric-data-of-over-1-million-people/?utm_medium=tr_social&utm_campaign=site_visitor.unpaid.engagement&utm_source=Facebook#Echobox=1565802376

[kalus]

I am using Edge wallet, which provides password + TouchID security for currency i want to carry around.  this is not how i'd carry the bulk of my savings, but for me it is an optimal security/convenience compromise for everyday amounts.

I rely on TouchID becuase the biometric data is stored on the secure enclave chip on the iphone.  This is also secure enough for most of my everyday activities.  However, i never got a FaceID phone and i'm in no rush to upgrade, so i understand the aversion to this technology at least.

[bartekjagoda]

I would never use a fingerprint as a way to secure my crypto holdings.
The quality of your print can change as years go by. A close family member of mine had difficulties getting a new ID because more than 80% of the quality of the fingerprint was lost. He works with hot water which is probably the reason his prints are almost gone. Securing your assets that way could mean trouble someway down the road.

It is very easy to duplicate fingerprint in gelatin or some similar material and make a 'backup'
but then again same can be used by hackers, so I also don't think fingerprint alone is bets for securing crypto wallet.

Please read this article of data leak that exposed biometrics of over 1 million people!
https://www.technologyreview.com/f/614163/data-leak-exposes-unchangeable-biometric-data-of-over-1-million-people/?utm_medium=tr_social&utm_campaign=site_visitor.unpaid.engagement&utm_source=Facebook#Echobox=1565802376

Well, you could hack a trezor or fake an electrum update, so WHY is this idea so much worse?

[o_e_l_e_o]

Well, you could hack a trezor or fake an electrum update, so WHY is this idea so much worse?

Because to lose my funds via Electrum I would need to download a fake wallet, forget to verify it, install and use it without doing any due diligence. I'm not that stupid. To lose my funds via a hardware wallet I would need to stop using a passphrase, again use some fake software or maybe let someone else gain physical access to my device, give away my PIN or seed, or something similar. I'm not that stupid.

To lose my funds via a biometric wallet, an attacker only needs a photo of my face or anything I've touched, from a hand rail to a door handle to a bottle of juice. Unless you plan on wearing gloves and a full face covering 24/7, biometrics are far more easily hackable.

[bob123]

Well, you could hack a trezor

How would you do this ?
Circumventing fingerprint security measurements is relatively easy and it has been mentioned how it can be done.

So.. how would you hack a trezor ?

or fake an electrum update

How would you fake the signature ?
I mean.. people who don't verify the signature are at risk.. yes. But that's not how you update electrum. You always have to verify the pgp signature.

So.. how would you do this ?

WHY is this idea so much worse?

Because there are easy attack vectors and risk of losing access (all has been mentioned in this thread already).

If you can argue against electrum updates or trezor being hackable the same way with the same level of complexity (very low), then it is not much better.
But as long as you can't, both are definitely better than a fingerprint secured wallet.