Is fingerprint authentication secure?

Is OS authentication more secure when using a fingerprint reader than a (strong) password?

  • Can that be hacked easily?

  • By the way, where is the fingerprint stored? On the hardware chip or on the filesystem?

    • Is that dependent on the reader's hardware?

    • Is that dependent on the library/OS implementation?


The problem with most biometric systems is that they're inherently 'noisy', which requires software to sift through the noise to the true signal. A password is a few bytes where exactness needs to be perfect. A biometric fingerprint, or iris scan, or retina scan, or voice print, all need to have a 'close enough' threshold because biometrics change from day to day or week to week. Defeating such systems takes advantage of the 'close enough' nature of biometric authentication technology.

Because of this, a simple biometric is, in my opinion, less secure than a correctly selected password. And that doesn't even go into implementation details such as signal capture/replay possibilities between the scanner and the authenticator, or easily subverted skin conductivity sensors (lick the paper!).

When used in conjunction with a password, it can enhance security. But as I said, it shouldn't be used instead of a password.
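
The 'close enough' threshold discussed in the answer above, as an added illustration that is not part of any answer on this page: a constructed model in which templates are random 256-bit vectors compared by Hamming distance. The template size, noise rate, and all function names are assumptions chosen for the demonstration, not how any particular reader or OS works.

```python
import random

BITS = 256  # constructed template length (assumption, not a real reader's format)

def make_template(rng):
    """A random bit vector standing in for an enrolled biometric template."""
    return [rng.getrandbits(1) for _ in range(BITS)]

def noisy_reading(template, rng, flip_prob):
    """Simulate day-to-day capture noise: each bit flips with flip_prob."""
    return [b ^ (rng.random() < flip_prob) for b in template]

def hamming_fraction(a, b):
    """Fraction of positions where two templates disagree."""
    return sum(x != y for x, y in zip(a, b)) / len(a)

def matches(enrolled, reading, threshold):
    """threshold=0.0 is password-style exact match; >0 is 'close enough'."""
    return hamming_fraction(enrolled, reading) <= threshold

def error_rates(threshold, trials=500, flip_prob=0.10, seed=1):
    """Return (false_reject_rate, false_accept_rate) at a given threshold.

    Each trial compares the enrolled template against a noisy reading from
    the same person (genuine) and a template from someone else (impostor).
    """
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    false_rejects = false_accepts = 0
    for _ in range(trials):
        enrolled = make_template(rng)
        genuine = noisy_reading(enrolled, rng, flip_prob)
        impostor = make_template(rng)
        false_rejects += not matches(enrolled, genuine, threshold)
        false_accepts += matches(enrolled, impostor, threshold)
    return false_rejects / trials, false_accepts / trials

if __name__ == "__main__":
    print("threshold  false-reject  false-accept")
    for t in (0.0, 0.10, 0.25, 0.45, 0.50):
        frr, far = error_rates(t)
        print(f"{t:9.2f}  {frr:12.3f}  {far:12.3f}")
```

Exact matching rejects the legitimate user on every noisy reading, so the threshold has to be loosened, and every step looser trades false rejects for false accepts.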


The security of the scanner likely depends largely on the quality of the hardware. I'm guessing most scanners that come with laptops these days are pretty cheap and not intended for high security situations. Even higher quality scanners meant for door locks aren't impervious to fingerprint duplication. This Mythbusters clip proves as much.

Like Harley said though, multiple challenges are always more secure than a single challenge.


Fingerprints are generally more secure than a password, but it's all relative.

But you know what's more secure than a fingerprint? A fingerprint and a password. Something you have plus something you know is far, far more secure than either alone.