The value of a strong password to protect your stuff is as high as ever
There's been a bit of a hubbub around the web about the "hack" of the Samsung Galaxy S5 Finger Scanner, and how "easy" it was.
First things first, it wasn't easy. If you're stealing a phone with the necessary equipment to also lift and reproduce someones fingerprint, then OK. You're also probably a more intense criminal than someone who randomly snatches peoples' phones.
It isn't a "hack" really, either. It's a "spoof," just as it was on the iPhone 5s. In fact, it's the exact same method that Apple's Touch ID was fooled by. So it's not so much an issue specifically with the Galaxy S5, more a flaw of fingerprint scanners in general. But that doesn't make for sensationalist headlines. So, just like the iPhone 5s and Touch ID before it, the Galaxy S5 falls into the spotlight.
And once more it highlights something we should already be aware of: use strong passwords on all of your private stuff.
The 'easy hack' and PayPal
To the right person, sure, it's easy. But if I stole your fingerprint protected Galaxy S5 out of your hand, I don't think I'll be doing this. But there's also been some sensationalizing on exactly what happens if you keep trying to scan the fingerprint in the PayPal app. Yes, you get more than one attempt at scanning the fingerprint — you get five, to be precise. If, like in the video above, you have a working copy of the fingerprint then you'll absolutely be able to get into someones PayPal account. That's not a by-product of having fooled the Finger Scanner. That's a by-product of having the right fingerprint.
After five attempts if PayPal hasn't authenticated you're given a message that states "Unable to recognize fingerprint. Please swipe again." Perhaps at this point you should require your password instead of continually swiping. But, if as in the video above you've created a working spoof of the right fingerprint, it doesn't matter how many swipe attempts you're allowed, you'll be able to get in. If PayPal locked you out completely after the first bad scan it wouldn't be a particularly user friendly experience, would it?
It's an issue, yes. But it's also an issue that isn't isolated to Samsung, or to the Galaxy S5.
No replacement for strong passwords
Just the same as with Touch ID, the Finger Scanner on the Galaxy S5 should be viewed as an assistant to your device security, adding convenience. It absolutely shouldn't be a replacement for a strong password, PIN code or screen lock pattern, which are still the best ways to secure your accounts and devices. And definitely use two-step authentication wherever you can.
Fingerprint scanning is extremely convenient, especially when it works well. For unlocking your phone, it's probably OK. And while it's pretty awesome that you can hook your PayPal account up with it, if you feel even remotely nervous about it, don't do it.
And if you need any help generating and managing strong passwords, there are a ton of options out there. LastPass, mSecure and 1Password are just a few of the options out there for various platforms that can help you generate some complex and unique passwords for your accounts.
The bottom line
Fingerprints can be spoofed – this isn't new – and this method of spoofing was highlighted back when the iPhone 5s launched. And our advice remains the same: if any of this makes you feel at all uneasy, don't use it. Stick to strong passwords. Nobody's forcing you to use the fingerprint scanner.
If you happen to know a thing or two about biometrics and security and have anything to share, please do drop it into the comments below.
Unlocked Galaxy Note 20 Ultra is now receiving the September security patch
The latest September 2020 Android security patch is now rolling out to unlocked Galaxy Note 20 Ultra phones in the U.S. Along with the September 2020 patch, the update also brings improved camera performance and a few other enhancements.
Everything we know (so far) about the Google Pixel 5
We're still months out from Google unveiling the Pixel 5, but that doesn't mean it's too early to speculate what it might offer. Here's everything we know so far!
The ultimate guide to customizing your Android phone
Theming on an Android device is more than just setting a wallpaper and calling it a day. Take a look at some of the widgets, icons, and other elements that go into making your Android your own.
The best Type C flash drives for your phones and computers
Flash drives with USB-A are still the standard, but with USB-C, you can get a flash drive that works with your phone, too, and it’s futureproof to boot as more laptops move to USB-C ports.