2017-09-30 21:00 GMT+02:00 Daniel Kinzler <daniel.kinzler@wikimedia.de>:
Biometry in general may be acceptable, but fingerprints should be considered
weak protection, because you share that key with your environment all day, every
day. Getting someone's fingerprint is *really* easy. If your phone gets stolen,
chances are, the fingerprint needed to unlock it is right on there already.

I agree and even worse: if your password gets stolen you can change it but you cant change your fingerprint. Fingerprints are Usernames, not Passwords!¹

In additional to using good passwords² I would advise to change the ssh-keys once in a while and thereby upgrade to modern key-options.
At the moment ed25519 – if already supported by the sites you use – and using PBKDF as key-derivation-function! See [3] for a howto.

[1]: http://blog.dustinkirkland.com/2013/10/fingerprints-are-user-names-not.html
[2]: https://xkcd.com/936/
[3]: https://blog.g3rt.nl/upgrade-your-ssh-keys.html
 
Regards,
 M


--
Michael F. Schönitzer



Wikimedia Deutschland e.V. | Tempelhofer Ufer 23-24 | 10963 Berlin
Tel. (030) 219 158 26-0
http://wikimedia.de

Stellen Sie sich eine Welt vor, in der jeder Mensch an der Menge allen Wissens frei teilhaben kann. Helfen Sie uns dabei!
http://spenden.wikimedia.de/

Wikimedia Deutschland - Gesellschaft zur Förderung Freien Wissens e.V. Eingetragen im Vereinsregister des Amtsgerichts Berlin-Charlottenburg unter der Nummer 23855 B. Als gemeinnützig anerkannt durch das Finanzamt für Körperschaften I Berlin, Steuernummer 27/681/51985.