The next Bitcoin hardware wallet from Block—the financial services startup run by Jack Dorsey—will use fingerprints as the primary identification mechanism.
Block conceded that this solution has drawbacks, but claims that it will improve security against hardware wallet theft and misuse. In a statement, they said:
“We believe PINs, passwords, and seed phrases are confusing and often not secure given the workarounds normal people have to create given all the friction. This compounds when the need for those passwords are more rare.”
When Block unveiled its approach to bitcoin self-custody last year, it opted for an open solution for a Bitcoin transaction signing device. It included a mix of hardware and software components that the customer can use to achieve a balance between security and convenience.
Block wallet users will primarily manage their money by interacting with the mobile application, and will only need to interact with the hardware to authorize larger, less frequent transactions above an amount of their choosing.
Block cites the “peace of mind that will come from not needing to remember yet another PIN, and the ease of placing a finger on the sensor rather than manipulating tiny, failure-prone buttons on a difficult-to-read screen.” Others are less enthusiastic about biometrics being used to make things “easier”. Internationally renowned security technologist Bruce Schneier had this to say on the subject:
“Biometrics are powerful and useful, but they are not keys. They are not useful when you need the characteristics of a key: secrecy, randomness, the ability to update or destroy. They are useful as a replacement for a PIN, or a replacement for a signature (which is also a biometric). They can sometimes be used as passwords: a user can’t choose a weak biometric in the same way they choose a weak password.”
Schneier also points out that biometrics are hard to forge but easy to steal. They are not secrets. CSO Magazine columnist Roger Grimes said of biometric ID way back in 2016:
“None of the places that store your biometric identities are safe or unhackable. No matter how much they may claim your biometric identity is safe, they’re either lying or clueless. We need look no further than the security clearance database stored by the U.S. government that contained, among other details, the fingerprints and detailed personal history (including friends’ names and addresses) of every person that submitted an application for a security clearance. Chinese hackers stole tens of millions of fingerprints and identities going back as far as 1982.”
Any fan of spy or crime movies knows how easy it is to get someone’s fingerprints. But still, the vast majority of people will forget their seed phrase and any password that is not their dog’s name, so this idea is far better “security” than losing access completely or having a weak password. It depends on how much you have stored on the wallet. And if it’s a lot, check your fingers every morning!