August 24, 2019


Why do smartphones have fingerprint sensors?

The three golden rules for password management are:

  1. Never write your password(s) down.
  2. Use different passwords for different services
  3. Change your passwords when they are compromised.

You always “write down” your fingerprints when touching a smooth surface. You can never change them and you (usually) have only 10 of them to begin with. Fingerprints violate all of the above rules, making them completely unfit for being used as password replacements. Smartphone manufacturers know that, but build fingerprint sensors into their devices nonetheless. Why? Because the point is not to actually protect anything on your phone, but to give you the illusion that only you can access it. Otherwise you wouldn’t trust it with your personal data.

Fingerprint sensors are not a security feature. They are simply part of the sales pitch.