The one on <i>my</i> phone isn't useless now, because my fingerprint data wasn't stolen in the OPM breach (and nobody else has it either).<p>Even if my fingerprint data were out there, that doesn't really help get into my phone if it's casually stolen. The thief won't know who I am, so they won't know which fingerprint to try out of the millions of possibilities. They only get five attempts.<p>As always, you have to define your threat model. My phone's fingerprint reader protects me against common thieves. It also protects me against the authorities to a pretty large extent. As long as I have the opportunity to turn my phone off beforehand (I always do this when going through customs, for example) then the fingerprint no longer works to unlock my phone. The ease of use that the fingerprint reader provides for most usage allows me to have a much stronger password on the device than I would have otherwise, so I'm pretty sure it's a strong net gain.<p>It doesn't protect me against a determined adversary who targets me specifically, but then I already knew that. Fingerprint authentication is far from perfect, but it's not meant to be anything else.
No. This article is clickbait. Chinese hackers might have your fingerprint if you worked for the US government. But they don't have your phone. If you're a high-value spy or something where the Chinese government is going to target you, steal your phone, and match it with the fingerprint database, you might be in trouble. Otherwise, the fingerprint+PIN is still going to work great at keeping your significant other from seeing your flirty texts and your porn browsing history, or whatever.
Somewhere here on HN I read that fingerprints are not passwords but user ids.<p>So your fingerprint authenticates you to provide your password.<p>Right now implementations are for fingerprints as passwords.
It's unfortunate that so much emphasis has been placed on biometrics (especially fingerprints) as a security measure, more so because of their convenience, which lulls users into a false sense of security.<p>Not only can biometrics not be changed, unlike a password, but they cannot be withheld from a would-be accessor in the way that a password can (until mind reading becomes a thing, that is).<p>I don't know how true this is, but it feels like biometric authentication for consumers has sucked the oxygen out of attempts to create convenient but secure authentication that doesn't have the same flaws (I don't know what a potential system would be, but there have to be better alternatives). Lazy reliance on biometrics will, I think, make us all a lot less secure.
Fingerprints are a terrible form of authentication anyway. They're irrevocable, and you inherently leave copies of them everywhere just by touching things (unless you take special precautions). Same goes for DNA. Biometrics just aren't very good as shared secrets.
The title should read: "Thumbprint thing may be useless for authentication". There are other uses for it outside of security. I have a Cydia tweak on my phone that will open different apps based on which finger I press to the home button.