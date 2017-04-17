The use of fingerprints as an authentication or identification (ID) method is as old as the ancient Babylonians, who used fingertips pressed into wet clay to seal business transactions of the time. About three decades back, fingerprints were regularly used in criminal investigations. Now, for the past couple of generations of iPhone and the Galaxies - that is, a couple of years ago - fingerprints have been used to secure your smartphones. Perhaps over a half of all smartphones sold in 2018 will integrate an embedded fingerprints sensor. Besides controlling access to our smartphones, fingerprints ID can also be used to protect access to mobile banking and payment methods such as Apple Pay, Android Pay, Samsung Pay, or Kenya's MPesa.

So, as you can see, highly secured access to your smartphone is paramount going forward in our technology landscape, and any methods of protection must be accurate and reliable. The use of passcodes (passwords) to control access to your device was of course the standard before fingerprints ID was introduced for this purpose a few years ago. Fingerprints IDs have advantages over passcodes. For example, you cannot forget your fingerprints the way you forget passwords. Moreover, swiping your finger over a region of your phone is infinitely more convenient than typing in some secured passcodes or passphrases. Thus, you are more likely to not leave your phone unlocked when not in use - which was a habit in those early days of smartphone - because of the ease of unlocking with fingerprints authentication.

Some research results, as recent as last week, are now telling us that protecting your device by using the fingerprints sensor in your phone may not be as secured as once thought, as the protection can be beaten in numerous ways. Actually, come to think of it, this should not come as a surprise if you recollect that any surface (object) that you touch can be scanned to obtain your fingerprint and used to open your phone! There are in fact many ways to defeat your fingerprints protection - in addition to the fact that you can be legally forced to swipe-open your phone. (Your passwords cannot be forced out of your mind if you do not want to cooperate.)

There are many reasons for the vulnerability of fingerprints authentication. One of these is the fact in most cases only partial fingerprints - as opposed to the full fingerprints - are used for protection, which as a consequence represents simpler patterns of fingerprint troughs, ridges, curves or loops; and whorls. Furthermore, typically, the phone takes up to eight or 10 images of your fingers - and multiple fingers from your two hands could be involved - to make it easier to find a match. All these improve the chances of hacking your fingerprints pattern since a finger swipe only has to match just one of these numerous stored images.

It should be noted that security can easily be increased by making it harder to match the partial fingerprint. However, the opinion is that phone companies don't want to do what is necessary to accomplish this because such procedures may end up irritating the consumer - for example if you have to swipe your finger four to six times before getting a match.

This is obviously a no-no in these days and age of user-friendly apps. (Larger fingerprint sensors would also decrease the risk, and alternate biometric security options, such as the iris scanner are presumably more difficult to hack.)

Though fingerprints are in part inherited, the odds of two family members having significantly similar fingerprints are quite low.

There are other issues with fingerprinting! The skin of the elderly tends to lose elasticity, while some folks have this rare condition that leaves their fingertips smooth and featureless. Other factors that enhance hacking include the fact that, unlike passcodes, you cannot change your fingerprints. So, once compromised, it is forever compromised! Moreover, fingerprint images on surfaces can be easily printed into hardcopies that can be used to swipe your phone.

Russell Brandom reported on a fingerprint hacking incident in the 2 May 2016 issue of Theverge online newspaper: "In five minutes, a single person faked a fingerprint and broke into my phone. It was simple, a trick the biometrics firm Vkansee has been playing at trade shows for months now. All it took was some dental mold to take a cast, some play-dough to fill it, and then a little trial and error to line up the play-dough on the fingerprint reader. We did it twice with the same print: once on an iPhone 6 and once on a Galaxy S6 Edge. As hacks go, it ranks just a little harder than steaming open a letter." Is this scary or what?

Finally, there are also master fingerprints - analogous to master keys - that can be used to unlock any smartphones. Notwithstanding the availability of these fingerprints hacking tools, this method is still quite useful for ordinary everyday protection of your device. However, for critical applications such as those involving financial transactions, fingerprints security has to be augmented with standard passcodes.