Doesn’t FaceID stand an example of this not being the case? I can log into pretty much all of my apps and make purchases with my face. Never once worried about my face being stolen or lost. Until that Mission Impossible tech exists I’m not worried that someone is gonna be able to impersonate me.
Biometric auth isn’t “I send a picture of my face over the network and that auths me” but a device a prioiri trusted by the service or the user takes a reading and releases a key.
Nobody says that “your hardware configuration is just a username” when taking about TPM security but when it’s wetware suddenly it’s a huge issue.
You think it is difficult to 3d print your face from a photograph? You can't revoke wetware, doesn't matter what you do on the device. You can take a picture of someone's palm from a mile away and ise their fingerprint to auth as them!
That's just it, you can get as many iphones as you want The threat actor will always be able to fool it once they have your biometric data. Even a human can't tell apart by using a photo if the 3d print is good enough. There will always be a way to mimick wetware.
Biometric auth isn’t “I send a picture of my face over the network and that auths me” but a device a prioiri trusted by the service or the user takes a reading and releases a key.
Nobody says that “your hardware configuration is just a username” when taking about TPM security but when it’s wetware suddenly it’s a huge issue.