undefined | Better HN

0 pointsJambalayaJimbo1mo ago0 comments

My banking app already trusts Face ID right now!

0 comments

2 comments · 1 top-level

customguy1mo ago· 1 in thread

And how is that necessary? It's a convenience feature, nothing more. You might as well trust your bank with your biometric data directly, and leave me and others out of it either way. Even IF there was a real need for a mobile device with which general computing is not possible, that would not justify killing it everywhere just so people who do need it can "just use their phone".

That the laziest of us don't mind and the worst of us want something is not a respectable argument for anything, ever.

JambalayaJimboOP1mo ago

So first of all, usability features are security features. There is the classic example of an uncrackable 18 character random password string that only results in frequent password reset attempts and the bank’s support staff getting totally overwhelmed.

We can have a discussion about FaceID specifically, but “convenience” is not considered trivial within the security sphere.

Second, I work for a (very large) bank, and you actually do not want to trust them with your biometric data directly. You can be absolutely assured of the privacy of your biometric data with the bank, better than with a Silicon Valley tech company. But I would not trust the bank’s data scientists to come up with a model that will not have an extremely high rate of false positives and negatives.

The reality is, if such an initiative was started at a bank, it would be shuttered after years of delays.

j / k navigate · click thread line to collapse