Why should we enable fingerprint?


I just bought a new phone and I didn’t disable the fingerprint on purpose, as a security measure. The reason for this is that the police can use the fingerprint and your hand to unlock your phone, while they can’t force you to tell them your password. I’d rather not have them unlock my phone for free.

So after all I feel more secure having it disabled, while the Duo app is telling me the opposite. Why does Duo even care?

Hi Nico, let me just say what a great, thought-provoking question you’ve asked here. This is a concern many people share these days.

Duo itself does not require biometrics for authentication; this is likely a policy that is put in place by your Duo admin at an organization. That being said, we have addressed some of your concerns as well as the question of why biometrics are considered a good auth method in this blog post from the Duo Labs team.

While passwords hold a slight advantage over biometrics when it comes to being forced to access your device, you still could be compelled to comply. Biometrics offer strengths over passwords in other situations such as remote attacks. If an attacker uses malware to capture your biometric, they cannot easily use that to access other accounts due to the secret keys being stored on a Hardware Security Module (HSM) unique to that device. Biometrics also offer a level of convenience to the end-user that makes them preferable to some.

Are you using Duo for an organization such as a work or school account? I encourage you to speak to your IT help desk or admin about your concerns and work with them to find another method that is acceptable to you both for authentication.