biometrics authentication not entirely secure?

[Amphenomenon]

Was thinking about how bitcoin and crypto currency can be made more secure using biometrics authentication though some of the biometrics are easily hacks but it's depends  to the uniqueness to a particular individual but still yet all biometrics can be hacked even iris and retinal scanning.
There are several ways which this can be done :

• By using fake generated biometrics
• Stealing someone's biometrics from database

• using deepfake technology
• finding means of bypassing biometrics check

Will like to know though if biometrics authentication can be made more secure

[hugeblack]

When you say safer, what do you mean? What does it mean that the private key is encrypted using your biometrics? Or encrypt the password so that decryption is done using biometrics or just a tool to unlock the wallet using your biometric data? or create wallet seed using your biometrics?

There are a lot of wallets that you can unlock or decrypt using a fingerprint or eye, but the question is how can this enhance protection?

[un_rank]

Will like to know though if biometrics authentication can be made more secure

Bio-metrics is an insecure way of protecting your assets, it provides less security than a password or a pin. Bitcoin does not need biometric authentication to become more secure, so we do not need to discuss ways to make it more secure.

Explore existing ways to make bitcoin more secure such as avoiding electronic back ups, using fully airgapped device and generating keys safely.

- Jay -

[eaLiTy]

Was thinking about how bitcoin and crypto currency can be made more secure using biometrics authentication though some of the biometrics are easily hacks but it's depends  to the uniqueness to a particular individual but still yet all biometrics can be hacked even iris and retinal scanning.

The biometric security is safe as long as the company storing the data is well calibrated to avoid any major hacks. If you are planning to securely store your cryptocurrency, always go for a hardware wallet or a cold wallet rather than storing your coins in any online wallet in your mobile, it is not secure even with biometric facility as it is easier to hack a mobile and hijack your biometric data stored in it.

[pawel7777]

When you say safer, what do you mean? What does it mean that the private key is encrypted using your biometrics? Or encrypt the password so that decryption is done using biometrics or just a tool to unlock the wallet using your biometric data? or create wallet seed using your biometrics?

There are a lot of wallets that you can unlock or decrypt using a fingerprint or eye, but the question is how can this enhance protection?

Biometrics could work well but only as a second layer of security (i.e. as a 2FA), but generating wallets from fingerprints or eye scans is probably a horrible idea. They could be easily replicated, or you could lose access to it i.e. if you burn or cut your finger, leaving scars that change your prints etc.

[kamvreto]

~snip~

• using deepfake technology

Deepfake technology has the potential to create highly realistic video and audio that can be used to bypass biometric authentication systems. In this case, a deepfake can manipulate video or sound so that the biometric authentication system is unable to distinguish between genuine and fake.
To avoid this problem, it is important to use more sophisticated biometric recognition technologies and verify user identity with other authentication methods, such as multi-factor validation. The system should also have mechanisms in place to monitor and identify abnormal behavior, such as hacking attempts or unauthorized access.

This shows that while biometric recognition technology can be a secure and practical solution for authentication, it is important to continuously monitor and update the technology and ensure that security systems are kept up-to-date and effective.

[theskillzdatklls]

Biometrics are absolutely not a good end all be all solution. Perhaps as part of a 2FA, it could be considered. But you posted the drawbacks. They can be stolen from people, then what?

I think really what society needs are two major fundamental solutions. Cold storage for people sophisticated enough to do this and accept the risk with doing so. And custodial (banking) type solutions for people that are not.

Similar to how someone can have cash in their position if they want to or use the banking electronic system if they want to.

[PX-Z]

Was thinking about how bitcoin and crypto currency can be made more secure using biometrics authentication though some of the biometrics are easily hacks but it's depends  to the uniqueness to a particular individual but still yet all biometrics can be hacked even iris and retinal scanning.
There are several ways which this can be done :

It's secure but not unhackable, well everything is, but it All depend on the practice on how it can be implemented and it needs another layer of security. Software dependent on biometric security is probably easy to get compromised.

[GreatArkansas]

I think biometrics authentication we have now on some cryptocurrency software or apps is only for local device, it will be only secure you to someone using your device to do something on app that where you set up the biometrics authentication, overall if your private keys, password, email that connected to some apps or software are compromised, your biometrics authentication is useless.

[Hispo]

I think biometrics authentication we have now on some cryptocurrency software or apps is only for local device, it will be only secure you to someone using your device to do something on app that where you set up the biometrics authentication, overall if your private keys, password, email that connected to some apps or software are compromised, your biometrics authentication is useless.

I was about to mention it.
Even if there was a decentralized way to apply biometrics within the blockchain for authentication and security purposes, still people would not feel comfortable with such data being out there, so a way to solve it could be encrypt it with our own private keys.
However, that would bring us to the beginning of the issue: we already use private and public keys so verify our identity, so it is pointless to add the biometrics aspect in that manner.

[DaveF]

There is a lot of wiggle room here.
Consumer grade biometric things are not secure think cell phone, cheap fingerprint scanner for door access.
There are better ones that you can get for securing physical access to things but they get expensive quick (read $1000s and $1000s)

But, as a 2nd form of security for small amounts of crypto they are fine. You should not store any life altering amounts of money with just that as security.
The amount will vary person to person. What I care a lot about and consider life altering amounts of money is what Bill Gates would not waste his time looking for if he did not remember where he left it YMWV on the amount. But it's all the same in the end for using fingerprint or face recognition for security.

-Dave

[xSkylarx]

There are still a lot of things to discuss here, not just those bullet points you stated, as it is almost the same as how they hack our wallets with passwords. Biometrics could be used, but only in the 2nd layer of protection, meaning that after entering the password, it needs 2FA, and after that, biometrics, but the problem is that some people are lazy, and those processes to open the wallet are a lot. Biometrics alone can't be implemented only one as it would be easy for the hacker to get, but if it has another layer of security, it would be good.

[Sarah Azhari]

Was thinking about how bitcoin and crypto currency can be made more secure using biometrics authentication though some of the biometrics are easily hacks but it's depends  to the uniqueness to a particular individual but still yet all biometrics can be hacked even iris and retinal scanning.
There are several ways which this can be done :

• By using fake generated biometrics
• Stealing someone's biometrics from database

• using deepfake technology
• finding means of bypassing biometrics check

Will like to know though if biometrics authentication can be made more secure

I just look at the movie spy on how the cheater triking biometrics authentication on system security. And, I still don't know today if that is true, because we know the movie is full of drama and intrigue. So, If biometrics authentication is not secure, why does the big company still continue to use it for the system?.

If not save, we can't see the phone, bank and other company use it for the system now,

We do not worry, AI is create by human, certainly not smarter than creator. So if we think biometrics authentication can cheat by AI, it's just your imagined after watch a sci-fi movie.

[_BlackStar]

I just look at the movie spy on how the cheater triking biometrics authentication on system security. And, I still don't know today if that is true, because we know the movie is full of drama and intrigue. So, If biometrics authentication is not secure, why does the big company still continue to use it for the system?.

If not save, we can't see the phone, bank and other company use it for the system now,

We do not worry, AI is create by human, certainly not smarter than creator. So if we think biometrics authentication can cheat by AI, it's just your imagined after watch a sci-fi movie.

I don't know how secure my wallet is when I enable biometric authentication as a security measure. I tend to think about the risk of device damage or maybe the risk of losing the device rather than the expected security. I may prefer to remove the wallet from my android as way to minimize risk, but only after I have backed up the private key or wallet seed and stored it in a safe place.

But what is clear, every security measure made must have its own vulnerabilities to solve. To be honest, I don't know if this biometric authentication can be broken, but maybe someone can practice it on their respective android manually. After all there are many ways to fake fingerprints and some people may have duplicated them for some reason. Youtube can give you some information about it.

[Ucy]

Was thinking about how bitcoin and crypto currency can be made more secure using biometrics authentication though some of the biometrics are easily hacks but it's depends  to the uniqueness to a particular individual but still yet all biometrics can be hacked even iris and retinal scanning.
There are several ways which this can be done :

• By using fake generated biometrics
• Stealing someone's biometrics from database

• using deepfake technology
• finding means of bypassing biometrics check

Will like to know though if biometrics authentication can be made more secure

Biometric authentication can be made more secure if you could only store the hash and well encrypted biometric data in decentralized system after the data has been verified and linked to a user. I prefer the verification to be done peer-to-peer in at a physical location by randomly selected verifier, or done online via a split method I illustrated in the past. The first method requires a user & the verifier to be physically present in a safe location or location authorized by a Decentralized Community. Once the verification is completed offline with special equipment or equipment own by the biometric owner (this's to ensure the the data only remains with the owner or never copied by the verifier), the data is hashed, properly encrypted and stored on the decentralized system. But if you don't want to store the data on the shared system you can store only the hash.


You can use the verified data for online/offline authentication.

[aylabadia05]

Everything online is not completely secure including biometric authentication even if it's designed to be as good as possible.
Hackers have the ability to have advanced knowledge that we don't have.

I'm trying to understand the meaning of what you're writing, it's probably related to the seed phrase. So don't store Bitcoin in a centralized exchange wallet even if the exchange has a big name. Not only could the asset be lost but it could be frozen.
One of the most secure storage efforts lies in offline storage.

[yazher]

I think biometrics is just one way to secure your funds in an exchange like Binance and most of the time they will gonna send your confirmation text message with codes to finalize your transactions. If they only have the biometric data, they cannot do anything with your funds in the exchanges anyway, also most of the exchanges nowadays have tightened their security features and when you only have a few amounts of cryptocurrencies in those exchanges, you don't really need to worry much except when you are holding a huge amount of cryptocurrencies.

[franky1]

biometric security is not a flaw of technology. its the flaw of biology

if you want to use fingerprints. .. hope you dont get your thumbs messed up with scars later in life

if you want to use retinal scans. .. hope you dont get your eyes messed up with cataracts or other eye diseases later in life


many sophisticated tech dont just take 1 scan 10 years ago and compare it to todays biology. they do instead take a scan and then with each next read/scan compare the two to a high probability of a match, to gain access and then use said new scan as the comparer for the next. thus updating, incase of change of biology, to reduce the variances of life/biological changes over time which can cause access lock-outs

but beware, some greedy people that can access to steal your funds via some bio scan. can go old-school and just take your thumb. or threaten you to get your eye scanned..
(yea people are murdered for alot less)
greed and scumbags are a flaw of biology. and no code can change that

[Leviathan.007]

Was thinking about how bitcoin and crypto currency can be made more secure using biometrics authentication though some of the biometrics are easily hacks but it's depends  to the uniqueness to a particular individual but still yet all biometrics can be hacked even iris and retinal scanning.
There are several ways which this can be done :

• By using fake generated biometrics
• Stealing someone's biometrics from database

• using deepfake technology
• finding means of bypassing biometrics check

Will like to know though if biometrics authentication can be made more secure

If you ask me as a developer who used biometric authentications in many services I can say in the first place biometric authentications weren't made to be super safe for users and the services provider its just an authentication method to make things easier for the people who want to pass the authentication phase of systems so instead of using patterns of using a password they can use their fingerprint or face shape or even their eyes to make the authentication easier for them not safer so I don't expect a lot from it.

[Z390]

Do you even know what biometric authentication is? If you know what it is then you won't ever think that it can be hacked, thats impossible.

Biometric authentication involves using some part of your physical makeup to authenticate you. This could be a fingerprint, an iris scan, a retina scan, or some other physical characteristic.  

I have never seen or heard that someone fingerprint was hacked, unless your hand is cut off with a machete, or we are talking about passwords here. Even in movies they either use a latex on a fingerprint to copy it or some kind of fingerprint stealing scanner.