• ricecake@sh.itjust.works
    8 months ago

    While I do respect that viewpoint, there’s a lot more independent scrutiny of the hardware modules than there is around the parts that would handle any other authentication mechanism you might use.

    Pixel phone example iPhone example

    Just because something isn’t perfect doesn’t mean we should keep using the less good thing that it replaces.

    Use the PIN if that’s more your cup of tea, just so long as you move away from passwords, since it’s the HSM that’s the protection, not the biometrics. Those are just to make it easier than passwords.

    • Boozilla@lemmy.world
      8 months ago

      You can change PINs and passwords, but you cannot change your biometric data.

      It’s about as smart as using your SSN as your username.

      • ricecake@sh.itjust.works
        8 months ago

        The point being that most people do not need to ever change their biometric data, because it isn’t used for remote authentication.

        It’s about picking the right threat model, and for most people anything that gets them using the HSM is an improvement to their security.