Hacker News new | past | comments | ask | show | jobs | submit login

The idea is that you aren't giving away any kind of biometric data, just using your fingerprint/face-unlock/etc to "unlock" the key used for signing the request locally.

It could also be implemented in a way where it's behind a password instead of biometrics. Yubikey and the likes already use this method.




Make your fingers valuable to violent and ruthless miscreants, good move!


As opposed to violent and ruthless miscreants beating the password out of you?


Ouch! OK OK, my password is "please-dont-take-my-fingers"


No need for a beating if I can just tell them... they can take the password with them.

Or they can take the fingers with them.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: