Bitcoin Forum
Author Topic: How secured is fingerprint lock on wallet?  (Read 390 times)
aysg76
April 04, 2022, 12:41:17 PM
 #41

If you consider something like SMS or email 2FA, then such things are very insecure. Often people access these on the same device they are using to log in to the account in question (a phone). Often if one of these things is compromised, then both factors can be compromised, meaning it is not really 2FA at all. An example is an attacker gaining access to your email account; they can now send a password reset email and receive your 2FA code via email, rendering email 2FA useless.
Exactly, most people have the apps and 2FA security on the same device. The device going into the wrong hands is usually risky because the 2FA code is with them; if you have some OTP-based system then the SIM card is there, and most of them have the exact mail being used for logging in to some apps, which is being used in their app store or is already logged in on the mobile. So the risk is at full level. I would recommend using Proton Mail for security purposes, but don't forget the password for it. The best is to secure your device at the first stage.

2FA using a TOTP generated from a separate device (even better if this device is airgapped) is far more secure.
Although it also has certain limitations, it is still better than SMS security and, as you said, on different devices with an airgapped system.

Quote
Although TOTP is more secure than SMS 2FA, it has some shortcomings in its design. For instance, TOTP codes rely on a shared secret, or “seed,” stored by both the app and the server it’s connected to. If a bad actor manages to recover the shared secret, they can generate new codes at will.

We could see that if we are not using the security to optimal levels then bad actors could easily gain access to our funds and security is compromised. But still TOTP has its own advantages. The security code changes from time to time and you can separate the accounts with names like in Google Authenticator, but the problem is having them on a separate device, because there is no fun in having them on the same mobile phone.

More secure still is 2FA using a hardware token, such as a YubiKey. To compromise your account an attacker would need to be able to steal or brute force your password, as well as be able to physically steal your hardware key. This is exponentially more difficult than simply gaining access to an email account.

If you want more secure than passwords or codes, then a hardware key is the way to go.
That's the best thing you could use as authentication to save yourself from phishing attacks, because if you are using hardware devices for security purposes the risk factors are already reduced unless someone gains access to your keys in real life. But you should also create backup codes in case you have lost it, and they should be offline.

The security features of Yubikey are far more beneficial than regular TOTP and 2FA on mails and SMS, as you could have long codes set up and there is no need to manually type the code, as you just have to press the button on the device to log in. Every Yubikey is also unique so you don't need to worry about it. But it should be remembered that there are risks if we are careless.

Yubikey

The security can be compromised on our end but we should always focus on maximising it, because once funds are lost it's impossible to get them back. We need to be updated with the latest technology to the extent we can.

KingsDen
April 04, 2022, 12:57:43 PM
 #42

If I use a fingerprint lock on my crypto wallet will this add more security to my wallet and recovery seed or just security over avoiding someone to see my wallet balance via operating my phone?
Using a fingerprint lock does not add extra security to your seed phrase or wallet, but it reduces the security and safety of your mobile device and wallet. An example is when you are sleeping: only your finger is needed to unlock your mobile device if you enable fingerprint lock, and this will be able to bypass the password or PIN; someone can use this opportunity to compromise your device and wallet when you are sleeping. In the case of many other attacks, only your fingerprint would be needed to unlock your device.

With this, I will advise you to just use only a password or PIN to protect your mobile device rather than a fingerprint, because once a fingerprint is enabled, your password or PIN can be bypassed in most cases. Fingerprint is easy to use but does not add to security and reduces the security of your device.
You narrated the disadvantages of the fingerprint, which is correct. But there are underlying advantages you overlooked. Yes! It is true that the fingerprint does not in any way secure the seed phrases, but the fingerprint adds another layer of security and also does these two things below:
1. Some people's memories fail them faster and often; with a fingerprint you will beat that challenge. Like my Blockchain and Trust Wallet PINs are more than 4 digits, and I can't remember them anymore. But I wrote them down somewhere safe, and I have always been accessing them with my fingerprint.
2. Again, I might be with my friends or relatives and would want to access my wallet; I wouldn't be hiding to input my password or PIN. I'll just use my fingerprint.
These are some of the advantages of fingerprint.

Charles-Tim
April 04, 2022, 01:39:43 PM
 #43

We should start thinking about ways to increase the security of access to accounts, but that this is also done in a simple and secure way.
Is this something possible?
They are all very useful; only SIM authentication, email authentication, fingerprint and face scanner are not recommendable. PIN and password so that attackers are not able to have access to your account, and a 2FA authenticator as an extra layer of protection in case your account login details have been compromised, with 2FA OTP required to withdraw. Even 2FA OTP would most likely be demanded if an attacker wants to log in with another IP address and/or another device.

More secure still is 2FA using a hardware token, such as a YubiKey. To compromise your account an attacker would need to be able to steal or brute force your password, as well as be able to physically steal your hardware key. This is exponentially more difficult than simply gaining access to an email account. Even in most cases, new 2FA would be demanded if a new device wants to sign in.
Yes, no internet access or other connection, it is actually one of the safest.

The security features of Yubikey are far more beneficial than regular TOTP and 2FA on mails and SMS
SIM and email authentication are not even safe, but 2FA using open source apps like Aegis on an airgapped device is also safe. It is just that using a Yubikey can be safe for newbies that are not savvy enough to set up 2FA appropriately.

---snipped---
People should look at the disadvantages, especially if wallet apps can also be accessed using only a fingerprint without a pattern, PIN or password required. Some of the offline wallet hacks these days could be a result of fingerprint. Most people just set it up without thinking about its disadvantages.

joker_josue
April 04, 2022, 02:30:38 PM
 #44

If you want more secure than passwords or codes, then a hardware key is the way to go.

I agree with you.

But the problem with a hardware key is that it can also be stolen with the mobile device.
They can steal the suitcase, where you have your documents, smartphone, keys, and even the hardware key.

One thing you have to be aware of, when you physically steal equipment, a good part of the security we have in them can be compromised.
All care is little.

When something like that happens, we should change passwords and PINs as soon as possible and, in accounts and applications where possible, log off remotely.

Charles-Tim
April 04, 2022, 04:53:31 PM
 #45

But the problem with a hardware key is that it can also be stolen with the mobile device.
Hardware wallets are not mobile phones, they contain the keys used to hold coins. Although, the most important is your seed phrase (+passphrase if included) which can be used to regenerate your keys and addresses. Hardware wallets are portable and can be carried about, but this is not advisable.

They can steal the suitcase, where you have your documents, smartphone, keys, and even the hardware key.
Have your hardware wallet in the best possible place you think it is safe (not inside safe or places that can be easily noticed by thieves). Like I implied above, the most important is your seed phrase (+passphrase if included).

One thing you have to be aware of, when you physically steal equipment, a good part of the security we have in them can be compromised.
All care is little.

When something like that happens, we should change passwords and PINs as soon as possible and, in accounts and applications where possible, log off remotely.
If your hardware wallet is compromised, it is best to send your coins to another address generated by another offline wallet. An offline wallet like a paper wallet can be created immediately; send your coins to an address or addresses generated by the paper wallet and later buy another hardware wallet.

It is advisable to use a passphrase with hardware like Trezor, because even if the seed phrase is revealed to offline attackers, the attacker will still not be able to compromise the wallet, because different keys and addresses are generated due to the passphrase added to it. Adding a passphrase is another protection, but it is needed along with the seed phrase during recovery.

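The passphrase behaviour described in post #45, as an added example that is not part of the original post: under BIP39 the wallet seed is derived from the seed phrase and the passphrase together, so the phrase alone gives a different wallet, and a mistyped passphrase at recovery gives yet another wallet without any error. The mnemonic is the public BIP39 test phrase, the passphrases are constructed, and `fingerprint` and `recovery_matches` are hypothetical helpers.

```python
import hashlib
import hmac
import unicodedata

def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    def nfkd(s: str) -> bytes:
        return unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac(
        "sha512", nfkd(mnemonic), b"mnemonic" + nfkd(passphrase), 2048, dklen=64
    )

def fingerprint(seed: bytes) -> str:
    """Hypothetical short identifier for a wallet, safe to write down next to a backup."""
    return hashlib.sha256(seed).hexdigest()[:8]

def recovery_matches(mnemonic: str, passphrase: str, expected_fp: str) -> bool:
    """Check a restore attempt against the fingerprint recorded at setup time."""
    return hmac.compare_digest(fingerprint(bip39_seed(mnemonic, passphrase)), expected_fp)

# Constructed sample input: public BIP39 test mnemonic, never to be used for funds.
MNEMONIC = "abandon " * 11 + "about"

def demo() -> dict:
    protected = bip39_seed(MNEMONIC, "TREZOR")   # wallet set up with a passphrase
    phrase_only = bip39_seed(MNEMONIC)           # what a leaked seed phrase alone derives
    recorded_fp = fingerprint(protected)
    return {
        "phrase_alone_reaches_wallet": phrase_only == protected,
        # Every passphrase derives a valid seed, so a typo is not detected by the
        # wallet; only a recorded fingerprint (or known address) reveals the mismatch.
        "restore_ok": recovery_matches(MNEMONIC, "TREZOR", recorded_fp),
        "restore_with_typo": recovery_matches(MNEMONIC, "TREZ0R", recorded_fp),
    }

if __name__ == "__main__":
    print(demo())
```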