Biometrics No Longer Secure?

Yes, it's a bold claim to make, but apparently the Chinese now have 5.6 million Federal fingerprints. Which means that you probably shouldn't install biometric security at any governmental facility for at least a generation.

Remember: it doesn't matter if you invent an unpickable lock, if someone can easily steal the key.

How does this make biometrics not secure? Can someone use those fingerprints to try to gain access to facilities? If so, how does that work?

While biometric antispoofing measures exist, it's my understanding that they haven't been widely implemented (the link says as much).

The most common biometric technology is fingerprint (because 1) speed, 2) accuracy, and 3) price), and the most common fingerprint reading technology is optical (again, because 1) speed, 2) accuracy, and 3) price). If you can build a latex mold of a finger, you can spoof an optical fingerprint reader unless you implemented one of the recommendations in the link above, and many readers don't (because it's 1) slower, 2) less accurate, and 3) more expensive).

Ari calls it, but it won't slow anyone down because in most cases it's just "convenience over security" for most places.

Yup. It's more important to look secure than to be secure.

I think a bigger issue is if a contractor whose fingerprint was hacked enters China, they could be seen as a spy since they are on the list of US Government contractors with a security clearance. That could pose a problem for that individual.

It's important that we don't lump 'biometrics' as a fancy synonym for fingerprints. Biometrics are a whole range of bio/physiological indicators including iris, vein scans, gait, heartbeats, eye twitches, germ clouds, palm prints, earlobe dimensions, and probably ten thousand more.

Even in the case of the 5.6 mil stolen prints, those template files only are valid on a specific type of fingerprint reader. Use a different reader that 'scans' a different dermal layer, and the chances that those stolen records are valuable are really remote.

Not to say that protection of data like this isn't a priority - it absolutely is! But to call biometrics 'un secure' as a result is too strong.

Okay, true. But it does compromise the most commonly used form of biometric security.

But to call biometrics 'un secure' as a result is too strong.

Easy for you to say, since you can always give them the finger right back...

It's true. I tried to destroy security. Only partially successful with a latex rubber finger.

Fake fingers beat iPhone fingerprint readers - so any government employee who travels with their iPhone can have their data compromised.

Except Hillary, I noticed she uses a Blackberry.

I haven't been able to find anywhere if image files of fingerprints were stolen, or minutiae encoded with ISO 19794-x or a similar scheme.

Anyone know?

The OPM statement used the word "fingerprints" to describe the information that was stolen.

"Of the 21.5 million individuals whose Social Security Numbers and other sensitive information were impacted by the breach, the subset of individuals whose fingerprints have been stolen has increased from a total of approximately 1.1 million to approximately 5.6 million."

This would SUGGEST that the OPM was storing images. If it was just minutiae, you'd think that the OPM would go out of its way to make that clear.