You are reading a single comment by @hippy and its replies.
  • I posted this on another forum a few moments ago:

    Identity should never be a password.

    Identity cannot be changed if compromised.

    As a second form of authentication, it is fine, but as a single form alone, it is a bad idea.

    You need two of these always:

    • Something you know (i.e. password)
    • Something you have (i.e. YubiKey or a token generator on your phone)
    • Something you are (i.e. fingerprint)

    But any single form is weak by itself, and the weakest single form of all is the something you are as, if compromised, it can never be changed.

    But for LFGSS, this extra bit...

    The convenience of a fingerprint (on iOS or Android) is great... but know how to disable it and do so before you deal with any state actor. In my scenario that means I won't pass through border controls with fingerprint enabled.

    Most states have the right to your identity... and this right is such that they also have the right to use your identity to unlock something, i.e. your phone. You can be compelled to give up your identity.

    Most states acknowledge that you have the right to private thoughts... and you cannot be compelled to share those; self-incrimination is protected, etc. Meaning a password isn't something you can be compelled to give up in a lot of cases.

    Fingerprints are interesting... because they can be faked from photographs amongst various other methods. The first part of this comment was in relation to a discussion about this article: https://www.theguardian.com/technology/2014/dec/30/hacker-fakes-german-ministers-fingerprints-using-photos-of-her-hands

  • What I meant is...

    Fingerprints are awesome, feel free to get that convenience.

    If you're travelling, disable fingerprints and go back to a PIN or lock pattern.
