Hackers Stole 5.6M Fingerprints, Now What?

The Office of Personnel Management (OPM) indicated that about 5.6 million fingerprints were stolen from it during a data breach in the summer. OPM has indicated that the ability to use that fingerprint data right now is limited, and I would have to agree … for right now. But as things like fingerprint readers gain more adoption (think Touch ID on iPhones), those 5.6 million fingerprints today will be much more useful tomorrow. To the credit of the FBI, Department of Defense, Homeland Security and others in the intelligence community, they are forming a working group to assess the risk, so good on them.

Here are things to consider that come to mind:

  • You can’t easily change your fingerprints like you do with credit card numbers
  • There’s really no way right now to monitor whether someone is using your fingerprints, as there is with a credit card, so detection will be tough
  • To reduce the risk, perhaps the working committee could recommend that if fingerprint authentication is used, then at least 2 prints must be provided, and must be randomly selected
  • Consider location. You can’t be in two places in the world at once, so when authenticating with fingerprints perhaps also consider the location where that authentication is taking place. For example, if I am a US citizen and someone tries to authenticate with my fingerprints in China, then contextually that doesn’t make sense (even though it’s my correct finger) and access should be blocked.
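
As an added illustration (not code from the original post), the last two ideas can be sketched together: a randomly selected two-finger challenge, and a location check that denies a login even when the prints match. It generalizes the US/China example to a travel-speed test against the last accepted login. The event fields, function names and the 900 km/h ceiling are assumptions, and the sample events are constructed.

```python
import math
import secrets
from dataclasses import dataclass

FINGERS = [f"{hand}-{finger}" for hand in ("left", "right")
           for finger in ("thumb", "index", "middle", "ring", "little")]
MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruising speed

@dataclass
class AuthEvent:
    user: str
    epoch: int       # seconds since the Unix epoch
    lat: float
    lon: float
    matched: bool    # did the biometric matcher accept the presented prints?

def pick_challenge(n=2):
    """Choose n distinct fingers with a CSPRNG so the request cannot be predicted."""
    pool = list(FINGERS)
    return [pool.pop(secrets.randbelow(len(pool))) for _ in range(n)]

def km_between(a, b):
    """Great-circle (haversine) distance in km between two events."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dp, dl = p2 - p1, math.radians(b.lon - a.lon)
    h = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def decide(prev, cur):
    """Return 'allow' or 'deny:<reason>' for cur, given the last accepted event."""
    if not cur.matched:
        return "deny:biometric-mismatch"
    if prev is not None:
        hours = max(cur.epoch - prev.epoch, 1) / 3600.0
        if km_between(prev, cur) / hours > MAX_KMH:
            return "deny:impossible-travel"  # correct finger, implausible place
    return "allow"

# Constructed sample events; coordinates approximate Washington DC, Beijing, Baltimore.
dc = AuthEvent("alice", 1_700_000_000, 38.90, -77.04, True)
beijing = AuthEvent("alice", 1_700_003_600, 39.90, 116.40, True)    # one hour later
baltimore = AuthEvent("alice", 1_700_003_600, 39.29, -76.61, True)  # one hour later

if __name__ == "__main__":
    print(pick_challenge(), decide(dc, beijing), decide(dc, baltimore))
```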