DEV Community

Discussion on: Universal passwordless authentication - The beginning

Collapse
 
ravavyr profile image
Ravavyr

Love the idea, hope you can turn it into something widely used.

However, aren't fingerprints and face recognition easily fooled currently?

I much prefer typing in my email address for example and using "login with google" currently and relying on google to not get hacked :)

Thoughts?

Collapse
 
dagnelies profile image
Arnaud Dagnelies • Edited

The fingerprint / face is used to access a protected (cryptographic) key stored on the device. In other words, as an attacker, you would first need to get your hands on the phone/laptop/other of the person you are trying to impersonate. ... And if you are able to fool the local authentication, you basically have all the rights on the device anyway.

Collapse
 
dagnelies profile image
Arnaud Dagnelies

Hi. There was still the question pending of "Why not login with google?" that I did not really answer. The response is a little late because it did not really fit as a comment, but I tried my best to answer it in the last section of my latest post ;) dev.to/dagnelies/passwordlessid-fi...