2017-09-30 21:00 GMT+02:00 Daniel Kinzler daniel.kinzler@wikimedia.de:
Biometry in general may be acceptable, but fingerprints should be considered weak protection, because you share that key with your environment all day, every day. Getting someone's fingerprint is *really* easy. If your phone gets stolen, chances are, the fingerprint needed to unlock it is right on there already.
I agree, and even worse: if your password gets stolen you can change it, but you can't change your fingerprint. Fingerprints are Usernames, not Passwords! [1]
In addition to using good passwords [2] I would advise changing the ssh-keys once in a while and thereby upgrading to modern key-options. At the moment ed25519 – if already supported by the sites you use – and using PBKDF as key-derivation-function! See [3] for a howto.
[1]: http://blog.dustinkirkland.com/2013/10/fingerprints-are-user-names-not.html
[2]: https://xkcd.com/936/
[3]: https://blog.g3rt.nl/upgrade-your-ssh-keys.html
Regards, M
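
An added example, not part of the original message: a small auditor for deciding which private keys are due for the upgrade recommended above. It reads the cleartext header of the OpenSSH `openssh-key-v1` container (key type, cipher, KDF name and rounds) without needing the passphrase. The `follows_advice` field, the helper names and the zero-filled sample key are assumptions made for this illustration.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"
BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"

def _read_string(buf, off):
    """Read one SSH wire-format string: uint32 length followed by the bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off:off + n], off + n

def inspect_private_key(pem_text):
    """Describe a private key file from its unencrypted header only."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if lines[0] != BEGIN:
        # Legacy PEM container, e.g. "BEGIN RSA PRIVATE KEY".
        enc = any(l.startswith("Proc-Type: 4,ENCRYPTED") for l in lines)
        return {"format": "legacy-pem", "encrypted": enc, "follows_advice": False}
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 blob")
    off = len(MAGIC)
    cipher, off = _read_string(blob, off)
    kdf, off = _read_string(blob, off)
    kdfopts, off = _read_string(blob, off)
    off += 4  # uint32 number of keys
    pub, off = _read_string(blob, off)
    ktype, _ = _read_string(pub, 0)
    rounds = None
    if kdf == b"bcrypt":  # kdfoptions = string salt + uint32 rounds
        _salt, o = _read_string(kdfopts, 0)
        (rounds,) = struct.unpack_from(">I", kdfopts, o)
    return {"format": "openssh-key-v1", "type": ktype.decode(),
            "cipher": cipher.decode(), "kdf": kdf.decode(), "rounds": rounds,
            "encrypted": cipher != b"none",
            # Assumption: "advice" = ed25519 key protected by the bcrypt KDF.
            "follows_advice": ktype == b"ssh-ed25519" and kdf == b"bcrypt"}

def _s(b):
    return struct.pack(">I", len(b)) + b

def make_sample(ktype=b"ssh-ed25519", rounds=100):
    """Constructed sample: valid header, zero bytes where key material would be."""
    kdfopts = _s(bytes(16)) + struct.pack(">I", rounds)
    pub = _s(ktype) + _s(bytes(32))
    blob = (MAGIC + _s(b"aes256-ctr") + _s(b"bcrypt") + _s(kdfopts)
            + struct.pack(">I", 1) + _s(pub) + _s(bytes(64)))
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f"{BEGIN}\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"
```

To audit real keys, pass the text of each private key file under `~/.ssh` to `inspect_private_key` and regenerate those where `follows_advice` is false.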