How secured is fingerprint lock on wallet?

[bakasabo]

I don't know why too many people didn't believe the fingerprint technology, it has been widely applied in all aspects and security, If that technology has not safe, no one is developing it anymore.

What about such technology only being demanded, because it is convenient for users? It is not most safest, but most convenient to use for a regular user. If technology nowadays allow to use such security method, then same modern technology allow to bypass it or create a copy of persons fingerprint. Everyone saw in movies how it is easy to create a copy of a fingerprint with just a adhesive tape. With a use of 3d printer, I think it is possible to create a copy of persons finger.

Fingerprint protection is not insured against cases, when a person looses finger, or fingerprint becomes unreadable. It can be burned by acid, or you can get multiple skin cuts and you would have to wait days or weeks before recovery. I would not take such risk.

[joker_josue]

Everyone saw in movies how it is easy to create a copy of a fingerprint with just a adhesive tape. With a use of 3d printer, I think it is possible to create a copy of persons finger.

Fingerprint protection is not insured against cases, when a person looses finger, or fingerprint becomes unreadable. It can be burned by acid, or you can get multiple skin cuts and you would have to wait days or weeks before recovery. I would not take such risk.

Not everything is as simple as it appears in the movies. In addition, it is not enough to take the fingerprint with an adhesive tape, nor a simple 3D printer. Even in the movies, a combination of necessary techniques is shown, which is not easy for most people.

Real life is not so lively, and there are no high-tech criminals around the corner. Doing this type of theft requires extreme planning and is not an occasional theft. And in this case, no matter the security technology used, in such a plan there will always be a way to overtake.

In addition, the fingerprint never works alone, there is always a pin or password associated with it. If there is a problem with the finger, there is always an alternative.

[Chikito]

In crypto wallets, the fingerprint function is only to provide speed for transactions carried out without having to manually use a PIN. and for security remains on the private key wallet storage. It is even safer to use a hardware wallet, because mobile wallets are more susceptible to viruses even though they use fingerprints. Hardware wallet that applies Fingerprint Biometric technology that I know is D'CENT
https://dcentwallet.com/

I watched on youtube, That HW is replaced the PIN Function with a fingerprint. That's good progress I think. I hope when fingerprints not functioning properly, they have a backed manual PIN.

I don't know why too many people didn't believe the fingerprint technology, it has been widely applied in all aspects and security, If that technology has not safe, no one is developing it anymore.

What about such technology only being demanded, because it is convenient for users? It is not most safest, but most convenient to use for a regular user. If technology nowadays allow to use such security method, then same modern technology allow to bypass it or create a copy of persons fingerprint. Everyone saw in movies how it is easy to create a copy of a fingerprint with just a adhesive tape. With a use of 3d printer, I think it is possible to create a copy of persons finger. 

That is the point, I still don't believe all the tricks done by the movie. I ever try what the movie did, I tried to duplicate my fingerprint using silicone, but it didn't work when trying on my phone. It also depends, on when the all-important thing is inside, I think the user will keep his finger safe from burning.

[o_e_l_e_o]

Not everything is as simple as it appears in the movies. In addition, it is not enough to take the fingerprint with an adhesive tape, nor a simple 3D printer. Even in the movies, a combination of necessary techniques is shown, which is not easy for most people.

Actually, you don't even need special tape at all. A simple phone camera and a 3D printer were enough to create a working fingerprint replica simply from a photo of a fingerprint which could fool even ultrasonic scanners, and all in <15 minutes: https://imgur.com/gallery/8aGqsSu

I don't know about you, but I don't fancy having my phone or my wallets secured by something which can be reliably broken in 15 minutes. I'll stick to my long and complex passwords which will take several millennia to brute force, thanks.

[Taskford]

If I use a fingerprint lock on my crypto wallet will this add more security to my wallet and recovery seed or just security over avoiding someone to see my wallet balance via operating my phone?

The risk is when your hands is severely injured and you cannot do finger print unlocking but if you are confident that there's nothing will happen to you, also you can spend less time to do unlocking just for the sake of security then do it if you can feel more secure for doing tha. But for me I will just make sure my phone is well secured and away from burglars or other things that can harm it since I find those thing hassle especially when keeping up opening my phone from time to time.

[Pmalek]

<Snip>

A more worrying thing to me is not that someone can steal my crypto by unlocking my phone while I am asleep, but who could get access to those fingerprints if they were leaked. Smartphones are apparently not storing biometric data in some centralized servers somewhere in the world. It's said that the fingerprints get encrypted and stored locally on your phone. But who can verify and trust that information just because they claim that is the truth?

Smartphones look like the perfect honeypots to gather fingerprint info on millions of users worldwide. Not only that, but we give phone apps the permissions to access storage, data, and other things. Who knows what data Google, Facebook, and other companies are acquiring from our phones!?

[joker_josue]

Actually, you don't even need special tape at all. A simple phone camera and a 3D printer were enough to create a working fingerprint replica simply from a photo of a fingerprint which could fool even ultrasonic scanners, and all in <15 minutes: https://imgur.com/gallery/8aGqsSu

I don't know about you, but I don't fancy having my phone or my wallets secured by something which can be reliably broken in 15 minutes. I'll stick to my long and complex passwords which will take several millennia to brute force, thanks.

What I'm saying is that for this whole process, it's necessary to steal the phone and fingerprint. This demonstration was done under ideal conditions. Of course it does. And don't forget that the system used in most smartphones is far from the best fingerprint technology.

Either way, I'm not saying fingerprints are more secure than PINs or passwords.

In addition, even the latest technology can unlock phones, if you have access to the hardware. No matter what security system you use, if the criminal has access to the hardware, he may be able to access your data if he has the right tools.

The warning I give is that the person consciously uses the technology at his disposal.

[Rikafip]

I don't know why too many people didn't believe the fingerprint technology, it has been widely applied in all aspects and security, If that technology has not safe, no one is developing it anymore. it's the same as a PIN or Password, it also depends on how much care you protect.

I don't think that its the same as a PIN or password protection. While you can make it much harder or almost impossible for thieves to penetrate your phone/wallet by using a proper password, you can't do anything about your fingerprint. Phone scans it and that's about it, there's no way for you to make it more sophisticated and there lies the problem.

In crypto wallets, the fingerprint function is only to provide speed for transactions carried out without having to manually use a PIN

That's not necessarily true. For example, if you enable biometrics in some mobile phone wallets like Blockchain, it automatically offers it as way to log in into wallet meaning you just made it less secure.

[Charles-Tim]

I watched on youtube, That HW is replaced the PIN Function with a fingerprint. That's good progress I think. I hope when fingerprints not functioning properly, they have a backed manual PIN.

Although, not a new technology but yes, it is a good progress to many people, but not to people that are conscious about security, because such people will decide not to use it as it makes their hardware not to be secure at all. Going for only pin would be the better way.

That is the point, I still don't believe all the tricks done by the movie. I ever try what the movie did, I tried to duplicate my fingerprint using silicone, but it didn't work when trying on my phone. It also depends, on when the all-important thing is inside, I think the user will keep his finger safe from burning.

There are a lot that still happening in movies, like plucking someone eyes for eyes recognition and also plucking someone's finger for fingerprint recognition. These two can work out. Yet best to go for Pin, password or pattern.

The easier it becomes the lesser the security.

[Hyphen(-)]

If I use a fingerprint lock on my crypto wallet will this add more security to my wallet and recovery seed or just security over avoiding someone to see my wallet balance via operating my phone?

It's a form of adding extra security to your wallet, meaning you are trying to avoid everyone from seeing you wallet balance. Wallets like trust wallet, phone fingerprints is not enough for security because supposing you add your private key to the Trust wallet, once someone is able to access your top security on the Trust wallet, he or she can have access to your private key, which is not safe.

[bakasabo]

Everyone saw in movies how it is easy to create a copy of a fingerprint with just a adhesive tape. With a use of 3d printer, I think it is possible to create a copy of persons finger.

Fingerprint protection is not insured against cases, when a person looses finger, or fingerprint becomes unreadable. It can be burned by acid, or you can get multiple skin cuts and you would have to wait days or weeks before recovery. I would not take such risk.

Not everything is as simple as it appears in the movies.

I know, but this is the first step to start trying to trick recognition system and sensors. If we already think about several ideas how to bypass such security, and DroomieChikito even tried some of the tricks, then people with resources can achieve more. I think that if security system has already weak points during discussion period, then it is no use using it, as criminals creative mind will find a way to bypass it.

[Findingnemo]

If I use a fingerprint lock on my crypto wallet will this add more security to my wallet and recovery seed or just security over avoiding someone to see my wallet balance via operating my phone?

In my opinion biometric security is less secure compared to the random long password because someone can force you to out fingerprint but getting password out of your head is almost impossible unless you tell them. But no matter what kind of password either its random characters or fingerprint you have to be careful if you hold millions worth of cryptocurrencies there.

[BitKongy]

Fingerprint locks on mobile phone will keep people away from operating your phone at your back but mind you it has nothing to do with keeping your recovery seed or private key safe.

[qwertyup23]

If I use a fingerprint lock on my crypto wallet will this add more security to my wallet and recovery seed or just security over avoiding someone to see my wallet balance via operating my phone?

It does add an extra layer of protection on your part. Think of it as like a 2-factor authenticator; before you can log-in with your account, it asks for more information and authenticator by inputting the code sent to your phone/email.

Like what Rikaflip also mentioned, it is also a matter of convenience on your end where you get to see your BTC wallet balance on your account. The best way of getting protected is still not spilling your private keys in your wallet except to one trusted member of your family to add a layer of contingency in the event that some unfortunate event happens.

[Dunamisx]

If I use a fingerprint lock on my crypto wallet will this add more security to my wallet and recovery seed or just security over avoiding someone to see my wallet balance via operating my phone?

This can only add more to the security of your wallet if you are using a 2fa verification, meaning that it will require your fingerprint first to access imputing the password, but I will advise you to always have two security measures to log into your wallet, things can be wrong with your hand or scanner atimes and the mobile as well can develop fault with time, but having a 2fa verification will guarantee maximum protection to your wallet.

[Foolhardy]

It is better to be safe than sorry. Adding a layer to your security only protects you from further risk since there are many fraudsters or scams out there, you can never fully trust anything. I suggest you go retro and use a pin and password to have full control of your wallet at all times, even when you're asleep.

[Oshosondy]

suggest you go retro and use a pin and password to have full control of your wallet at all times, even when you're asleep.

That is true, it is better to use a password instead, using fingerprint is not safe like using password, but the security is not about control. If you are talking about control, what about people that are using custodial wallet, no matter how their device security is, they are using a centralized wallet and do not have full control. Having on password is just about security.

[Pmalek]

It does add an extra layer of protection on your part. Think of it as like a 2-factor authenticator; before you can log-in with your account, it asks for more information and authenticator by inputting the code sent to your phone/email.

Here is the problem with 2-factor authentification that you mentioned. Many people don't use it as such. 2FA is only effective if the device you receive your codes on is separate from the device you use when you are logging in to a site or service. For example, if you log in to an exchange via your PC, your mobile phone can be a 2FA device. But if you are using your phone to access your exchange account and that same phone stores your 2FA codes, that's not a proper use of the second factor. You need a secondary phone for your 2FA codes. That way, both devices need to be compromised for someone to hijack your 2FA-protected accounts. Accessing everything from one device is a 1-factor+ authentification system. 

[joker_josue]

Here is the problem with 2-factor authentification that you mentioned. Many people don't use it as such. 2FA is only effective if the device you receive your codes on is separate from the device you use when you are logging in to a site or service. For example, if you log in to an exchange via your PC, your mobile phone can be a 2FA device. But if you are using your phone to access your exchange account and that same phone stores your 2FA codes, that's not a proper use of the second factor. You need a secondary phone for your 2FA codes. That way, both devices need to be compromised for someone to hijack your 2FA-protected accounts. Accessing everything from one device is a 1-factor+ authentification system. 

These factors, which you mentioned, show that although 2FA is a good security system, it is not the most practical and the best.

I think you have to start thinking about ways to access accounts, better than passwords, codes, 2FA, etc, since they are increasingly outdated methods and require users to access platforms more and more complicated/difficult.

We should start thinking about ways to increase the security of access to accounts, but that this is also done in a simple and secure way.
Is this something possible?

[o_e_l_e_o]

These factors, which you mentioned, show that although 2FA is a good security system, it is not the most practical and the best.

Not all 2FA is created equally.

If you consider something like SMS or email 2FA, then such things are very insecure. Often people access these on the same device they are using to log in to the account in question (a phone). Often if one of these things is compromised, then both factors can be compromised, meaning it is not really 2FA at all. An example is an attacker gaining access to your email account; they can now send a password reset email and receive your 2FA code via email, rendering email 2FA useless.

2FA using a TOTP generated from a separate device (even better if this device is airgapped) is far more secure.

More secure still is 2FA using a hardware token, such as a YubiKey. To compromise your account an attacker would need to be able to steal or brute force your password, as well as be able to physically steal your hardware key. This is exponentially more difficult than simply gaining access to an email account.

If you want more secure than passwords or codes, then a hardware key is the way to go.