There is recent news that the US government last 5.6 million fingerprints to unknown people in a cyber-attack. While it is worrisome, I don’t blame the government, it seems like it can happen to anyone. For example, pretty much every store and business cannot keep our credit cards safe. If we take it as a given that if something is stored on a network, eventually it will fall into the hands of people not authorized to have it, then it is OK to worry about the significant loss of data, and in this case, not credit card data, but rather fingerprint data.
We have been told that passwords are inherently unsafe because they can be hacked or stolen. And because passwords are unsafe, we need a new “safe” method of authenticating to the network – and the “safest” way is through biometric data like fingerprints. So this brings me to my question – at least a password can be changed at the sign of hacking. Fingerprints cannot be changed. What are we supposed to do when the “bad guys” get a copy of our fingerprints like has just happened for 5.6 million people? It is something I am thinking about in the realm of public policy. Please leave a comment if you have an idea.