On Wed 03 Jul 2019 at 18:34:28 (+0300), Reco wrote: > On Wed, Jul 03, 2019 at 03:29:27PM +0200, Renato Gallo wrote: > > Would be nice for any cracker if it could be possible to get access by > > shoulder surfing my fingerprint reader ;)
One hears gruesome stories about fingerprint security. > Using a fingerprint instead of a password is a bad idea. Using a > fingerprint instead of a username - that's OK. > > You can change a password if it's leaked. > You cannot change your fingerprint (legally, that is). And one leaves > fingerprints on every surface one touches. And on occasions it can be hard to come up with a good impression; for example, after a week or two's rock climbing in the Cuillin of Skye, the tips of your fingers are worn smooth by the gabbro. But it does disappoint me that there aren't more options for how characters are reflected (or not) when typing passwords; not forgetting passphrases either. LUKS types asterisks under some circumstances and nothing under others. I haven't managed to pin down how that decision is made or which binary makes it. You can make shoulder-surfing more difficult by overwriting each character a fraction of a second after it's typed. Cheers, David.
