I was discussing the new fingerprint technology for the iPhone with SWIPIAW because she’s a computer security expert and that’s how we roll with our pillow talk.
One thing she pointed out that I had not realized is that it is in fact very hard to secure biometric information. For a password or key phrase, you get it right or you don’t. Only exact matches count. For this reason you can encrypt the actual plain text and compare only the encrypted version of the user input to that. There is no need to store the actual password so even if the device is stolen, retrieving the password is difficult.
Biometrics are quite different in that, being biological, things are never quite the same. Therefore you have to compare the key data with the input data to see if they are close enough. You can’t encrypt it because the whole point of an encryption algorithm is to scatter the input, to make sure that two inputs that are “close” end up “far away” after being encrypted.
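The contrast described above, as an added Python example that is not part of the original post: a password is checked by exact match on a salted one-way digest (the scrambling step the post calls encrypting), while a fingerprint-style reading has to be compared against the raw template because the digest destroys closeness. The 256-bit template, the flipped bit positions, the salt and the 10-bit threshold are constructed stand-ins, not real biometric data or any vendor's matching scheme.

```python
import hashlib
import hmac


def derive(secret: bytes, salt: bytes) -> bytes:
    """Salted one-way digest: this is what gets stored, not the secret."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000)


def verify_password(candidate: bytes, salt: bytes, stored: bytes) -> bool:
    """Exact-match check on digests; the plaintext is never kept."""
    return hmac.compare_digest(derive(candidate, salt), stored)


def hamming(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def biometric_match(template: bytes, reading: bytes, max_bits: int) -> bool:
    """'Close enough' check: only possible with the raw template in hand."""
    return hamming(template, reading) <= max_bits


def flip_bits(data: bytes, positions) -> bytes:
    """Return a copy of data with the given bit positions inverted."""
    out = bytearray(data)
    for p in positions:
        out[p // 8] ^= 1 << (p % 8)
    return bytes(out)


SALT = b"constructed-salt"                     # constructed sample value
TEMPLATE = bytes(range(32))                    # constructed enrolled template
READING = flip_bits(TEMPLATE, [5, 77, 200])    # same finger, 3 noisy bits


def demo() -> dict:
    stored = derive(b"correct horse", SALT)
    return {
        "password_ok": verify_password(b"correct horse", SALT, stored),
        "password_typo": verify_password(b"correct horsf", SALT, stored),
        "raw_distance": hamming(TEMPLATE, READING),
        "raw_match": biometric_match(TEMPLATE, READING, 10),
        # After the one-way step, "close" inputs land about 128 bits apart.
        "digest_distance": hamming(derive(TEMPLATE, SALT), derive(READING, SALT)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The digest distance comes out near half of the 256 bits, so no threshold on stored digests can tell a noisy reading of the right finger from a different finger.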
The result here is that if you use biometrics, stealing the device easily gets you the raw biometric data, from which you may be able to construct a facsimile for use elsewhere. Moreover, unless you want your biometric data stored everywhere, remote systems must depend on the physical device (the iPhone) to do the verification. That means physical possession is enough: the software can easily be hacked in that situation to send “it’s really him” regardless of the input or without any input at all.
On the other hand, SWIPIAW points out that many (most?) cell phone users both store sensitive data on their phones and use no security at all. Biometrics may be weak, but at least it’s something, so this may improve the overall security situation.