Hi, thanks so much for the bug report.I've been thinking about this quite a bit lately. I'm going to have to mark this "won't fix" for now. The prevailing opinion from security professionals is that fingerprints are perhaps a good replacement for usernames. However, they're really not a good replacement for passwords. Consider your laptop... How many fingerprints of yours are there on your laptop right now? As such, it's about as secret as your username. You don't leave your password on your spacebar, or on your beer bottle :-) This wikipedia entry (although it's about Microsoft Fingerprint Readers) is pretty accurate: * http://
en.wikipedia. org/wiki/ Microsoft_ Fingerprint_ ReaderSo, I'm sorry, but I don't think we'll be fixing this for now.
I could see some value, perhaps, in a tablet that I share with my wife, where each of us have our own accounts, with independent configurations, apps, and settings. We could each conveniently identify ourselves by our fingerprint. But biometrics cannot, and absolutely must not, be used to authenticate an identity. For authentication, you need a password or passphrase. Something that can be independently chosen, changed, and rotated. I will continue to advocate this within the Ubuntu development community, as I have since 2009.
Once your fingerprint is compromised (and, yes, it almost certainly already is, if you've crossed an international border or registered for a driver's license in some US states and countries), how do you change it? Are you starting to see why this is a really bad idea?
This isn't a knock on Apple, as Thinkpad have embedded fingerprint readers for nearly a decade. My intention is to help stop and think about the place of biometrics in security. Biometrics can be use used as a lightweight, convenient mechanism to establish identity, but they cannot authenticate a person or a thing alone.