Logging in to websites from a browser on a mobile device has changed a great deal in the past five years. On many devices you can use biometrics for some sites, so you no longer need a password, which continues to be an aid for hackers.
Recently, we published the news that Android devices are going to allow logging in to apps and websites with the use of a fingerprint. Is either method trustworthy? Do you trust logging in to sites with your phone?
Andrew finds nothing wrong with logging in to the Web with his phone and thinks he’ll probably start to use it when it becomes more common, thinking it’s not too much of a leap from apps to websites. With no authentication data transmitted, only cryptographic proof, “there’s not much of a security risk, and privacy concerns would be mostly limited to your phone’s hardware/software manufacturers.”
Miguel doesn’t trust his fingerprint or any app to log him in automatically to sites when he has sensitive information. He doesn’t “save” debit card data and always uses throwaway numbers on sites he sees as potentially sketchy. He realizes it may sound paranoid but believes, “It all depends on how much trust people are placing in you as well.” If you’re being trusted with other people’s sensitive data, you tend to treat it with much care. But he accepts the risks with social media and some gaming-related stuff, as there’s not any sensitive data included.
Sayak doesn’t trust biometrics, especially fingerprinting, because he doesn’t see it as safe. He used to work for a company with biometric access, and his fingerprints failed to register on multiple occasions. With dry, greasy, or wet fingers, some people are more prone to failing biometrics than others. He finds the same with phones and tablets and prefers voice ID access much more than biometrics.
While Simon enjoys the idea and convenience of biometric scans to log in to sites, he’d have to try it before answering definitively. If it worked perfectly most of the time, he could see using it. But if it’s spotty and hard to register his fingerprint, he’d prefer to stick with passwords. “The benefit of passwords is that you can set a different one for each site,” so if someone cracks a password, you’re still safe on the other sites. But if someone gets ahold of your biometric data, they’d have access to all sites that use it.
Alex thinks biometrics should serve as user names and not passwords. Fingerprints aren’t secure and can’t be changed. “WebAuthn and the associated FIDO2 standard could be the first step towards more secure login methodologies,” as they use attached devices like a YubiKey to authenticate rather than a text string, but that’s still just one factor. With two-factor login with WebAuthn still requiring a password, he believes it’s a good first step but far from the last.
Being that I’m an Apple mobile user, I’ve been using Touch ID since buying my iPhone 7 2-1/2 years ago. It’s not really buggy to me, and I feel safe with it. However, it still requires a password. Once I use my fingerprint, it then recalls my password. Recently, I bought an iPad Pro, and that uses Face ID. I find the same with that as I do Touch ID, and in fact it’s better. It’s quicker and has never failed. I trust it.
What are your thoughts on logging in to websites with your phone? Do you trust your fingerprint? Or have you moved on to some form of biometrics already? Do you trust logging in to sites with your phone? Join our conversation in the comments below.