It is best to consider biometrics to be identification, not authentication. See Schneier's essay at http://www.schneier.com/essay-019.html and note the sentence "Biometrics are unique identifiers, but they are not secrets". Using thinkfinger is good for convenience, but not security.
Note that there are also other attacks. The device is connected by USB on thinkpads. You can simply open up the wrist rest (a few clearly marked screws underneath) and plugin a device that emulates the fingerprint reader, but always says success. The reader in thinkpads is capable of far more functionality including storing the fingerprint within the device itself and providing a password/key on successful verification. This is available on the Windows software. The fprint page has some more detail at http://www.reactivated.net/fprint/wiki/Upekts - the lesson again is that undocumented hardware can only be partially supported by Linux. -- Fingerprints stored in unsafe location https://bugs.launchpad.net/bugs/235297 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
