Linux is just more secure and keeps you from doing a stupid mistake.
The one on my ThinkPad started working when I upgraded to KDE 6 / Wayland. I was pretty happy about that.
For me it only works for signing in after sleep, but not for anything else (T490). Does your Thinkpad work better/in more ways?
Oooh I gotta try that
Oh nice, I have a Carbon X1. I knew that fprintd has worked for a while, and has allowed me to enroll fingerprints, but has never successfully worked for authentication.
If they did that we’d discover a minix system sending your fingerprints to CIA. and we can’t have that now, can we?
I understand wanting to use this, but, fingerprint reader is so I secure I usually avoid it.
Is it really less secure than a password? How so?
If it’s compromised you can’t change it for one
Also you can’t be legally forced without a warrant to give a password but biometric data you can be legally forced without a warrant to give up
Lol let’s take the kid gloves off, shall we?
Fingerprints, as a means of authentication, is just straight up not secure.
Man, I knew fingerprint encryption was bad but that is nuts.
Fwiw they’re able to do the same thing by the sound of someone typing a password across the room. Not advocating for fingerprints or anything, just these exotic hacks are everywhere
With a password you can have an exact binary comparison. Either you supplied the correct password or you didn’t.
But with biometrics you just have an approximation because your fingerprints change slightly due to the position in which you hold them, your health, humidity, pressure and probably other stuff I’m not thinking of. So the sensor can only say that it’s like 95 % or whatever sure that it got the correct fingerprint. And this uncertainty makes it much easier to exploit.
And your fingerprint is not secret. You leave it all over the place. Especially on devices you use every day. And your fingerprint can (and will) be taken without your consent. And you cannot change your fingerprint if it gets compromised.
All those spy movies showing how trivial it is to circumvent biometric security have in common that whatever method they used was realistic.
A fingerprint is a password you leave a copy of on everything you touch.
Biometric data can be used as login but is unsuitable as password, since it can’t be changed once compromised.
I use it if only because my wife won’t use passwords on her devices. We aren’t even at step one for device security. I’ll take what I can get, or what she’s willing to work with.
im sure there isnt a malicious reason why many fingerprint reader drivers are proprietary
It depends if you’re lucky with the exact model of sensor you have
Fprint works amazingly well on my thinkpad. Worked fine for me on KDE Plasma 5 and also works on Plasma 6 for me too.
Works on my Thinkpad.
Werks on my Thinkpad X13
Same on Thinkpad T495
I stopped using them altogether when my job provisioned a YubiKey. Got one for personal usage and it’s pretty solid for just about everything I’d have used a fingerprint sensor for.
Mine works just fine… on my Mac OSX:-).
If anyone is worrying about security, don’t use it for that, or at all if you don’t want, but it sure is nice to have that option if/when I want.
Seriously, I have multiple layers of security - extremely long & complex & unique passwords plus 2FA for banking, another (different) password and a PIV for work, etc. - and I really enjoy being able to get back into my desktop at a moment’s notice after grabbing a coffee. It even enhances security in several ways: e.g. by facilitating using a shorter time-out until the system asks for authentication, plus allows you to use a more complex password for your account, knowing that you won’t have to type the whole damn thing in 50 times a day. Also, even if someone had a literal camera over your shoulder watching you type your password (work? public space like library?), they would not get your fingerprint that particular way. Or if you really want to get paranoid (I don’t think Mac will let you do this by default without additional software though), you could require both password + fingerprint?
It is also worth noting that the issues for desktops are not identical to those of mobile devices: someone would have to gain physical access to my machine in the first place (afaik? now I wonder about that though… are the security credentials stored in a less secure manner that a remote intrusion could spoof more readily?), which is far less common than a mobile device that you take with you and is also smaller so more easily stolen.
Protect the stuff you value the most, but for the common stuff it is nice to have a quicker method of access. Like everything else, this is merely one tool in your toolbox that you can decide how & when to use appropriately.
Got it working on my ThinkPad t480 - realised I can only maybe sometimes log into the user account. Can’t replace sudo, gpg, or any other type of password, and if I remember correctly it couldn’t even unlock the screen. Gave up on that idea completely.
Funnily enough, the actual fingerprint recognition was more often successful on Linux than on windows.
I’m really happy that my new Framework laptop’s fingerprint reader worked perfectly out of the box.
