I worked for a fingerprint recognition startup in the early 90's and then later on my own in the early 00's. My quick summary: Fingerprints are effectively useless for security.
Technology reasons: Some systems are better than others but none is perfect. False positives and false negatives are part of the system. The worst part is not that everyone is affected .001% of the time but that a few people (usually older people or people who work with their hands) are affected most of the time.
Security reasons: As mentioned in the article, fingerprints need to be treated as public information. You leave them everywhere and they are not that tricky to copy. Mythbusters did a nice episode on this. Also, you can't change them once they've been compromised. For a while I worked in a Top-Secret environment and we didn't use fingerprints exactly because they weren't secure and, worse, could give a false sense of security.
Convenience reasons: Given that you shouldn't use them for high security systems, what about low security systems? I hacked a fingerprint reader onto my car and thought it was so cool. I took it to a local car dealer to get his impression. He showed me a new BMW that used a proximity card to unlock the car - blew my system away for convenience.
Societal reasons: There are a lot of people who will just never feel comfortable giving their fingerprint to a computer. The stigma is that's what criminals do. Most common lame joke when doing a fingerprint demo: "You gonna give that to the FBI?, ha ha ha".
Now one of you may come up with a way around all these issues. I know you can get a fingerprint reader on your laptop. I used to think it was pretty impressive when I had one of the first. Eventually the novelty wore off and the inconvenience factors led me to stop using it. I'd like to hear if someone has had more success than I did.
The problem with using biometrics at all is that you're conflating authorization with authentication. Those are fundamentally different (at least in the society we live in).
Biometrics are used for authentication - proving who you are (whether it works and can be duplicated is a different issue). Useful for a passport or driver's license.
Car keys, passwords, ATM pin numbers are a form of authorization.
For example, you may want to let your daughter withdraw money with your card or use your car. Biometrics can't be used for that purpose.
To put it another way, biometrics can support ACL-based authorization, but not capability-based authorization. However, since the entire world is using ACL-based authorization anyway, it's not a practical limitation.
Ok, but I think that would just make the other issues worse. Mind you, I'm an old cynic who couldn't get it to work, and you should never listen to old cynics. If you think there's something there I'd like to see what you come up with.