Friendly reminder that biometrics are usernames, not passwords.


Discussion

GPT4 agrees on this too

True.

The statement "biometrics are usernames, not passwords" is a way to highlight the inherent security limitations of biometric data when used for authentication. Here's a brief breakdown:

1. **Immutable**: Unlike passwords which can be changed if they are compromised, biometric data (like fingerprints, retina patterns, and facial features) cannot be changed. Once your biometric data is compromised, it's compromised for life.

2. **Publicly Accessible**: Biometrics like faces and fingerprints are often publicly accessible. For instance, people leave fingerprints everywhere they touch, and faces are frequently captured in public spaces.

3. **False Positives**: No biometric system is 100% accurate. There's always a chance, however slim, that someone else's biometric data could be mistakenly recognized as yours.

4. **Revocation Problem**: If a password is compromised, it can be reset. If biometric data is compromised (e.g., a hacker gets a copy of your fingerprint data), you can't "reset" your fingerprint.

Given these limitations, using biometrics as a sole method of authentication is risky. It's often better to use biometrics in conjunction with something else (like a password or a hardware token) in a multi-factor authentication setup.

However, the phrase itself can be somewhat misleading. In traditional terms, a username is an identifier and a password is a secret verifier. Biometrics do act as verifiers, but the key point is that they shouldn't be relied upon as the sole verifier due to the reasons listed above.

We shouldn't use biometrics in any way.

😨🥶

Thank you for this eye-opener.

Yeah, I'm still baffled how people are "excited" for all the passwordless crap Microshit, Google and other exploiters have been working towards for years.

They basically want all accounts to be passwordless in the next 2 to 5 years or something.

I know "why" people are swallowing it, but still - WHY.....?!

Convenience always trumps #privacy if you're not conscious about it. Always has been.

🎯

Does that include using biometrics on a privacy-focused OS like #GrapheneOS?

Yes.

The reason being simply that it's on an internet-enabled device?

Biometrics, in the US at least, aren’t protected by the 4th and 5th Amendments like passwords are.

Same in Switzerland unfortunately.
