Biometrics General Usage
We use biometrics as an added layer of security for our mobile applications. But we do not use biometric data for all the keys in the key storage system, for several reasons:
- Biometrics in isolation can introduce strong incentive for physical attack. For example, an attacker is incentivized to chop off a finger to defeat a fingerprint scanner.
- 3rd Party Biometric Systems are a security hole. They store the biometric data on the company's servers, which are attractive targets for attack. It's acceptable to use for the phone key because phone providers store face and fingerprint data locally only.