The world can have high def scans of my fingerprint for all it matters, they can’t produce a living human finger with the same print. And if you can’t reasonably ensure that you’re taking a reading from a living human then you shouldn’t be using biometrics.
Biometrics is not transmitting a picture of a fingerprint, it’s presenting your hand.
Having your email secured by a password locked by a device you trust doing biometric auth is perfectly fine. Having a website somehow store your print isn’t.
What would this "hand data" look like? A 3D model of a hand MRI or X-Ray?
Based on my understanding, in any form of biometric authentication, some amount of static data (i.e. the biometric database is not receiving a secure, updating feed of the state of your hand/body) is stored on the server and compared with the data transmitted for authentication. Biometrics change (fingerprints can be rubbed off from gardening, DNA mutates, etc.), so this static biometric data is something that is mostly environment-invariant.
If someone can compromise your "full hand scanner" or compromise the biometric database (which will inevitably happen), then you are compromised for life, since you cannot change your hand.
Suppose this happens. The world now knows all of your fingerprints. And at some point in the future you walk up to the desk of a datacenter where there's a security guard who phyiscally takes your hand, inspects it, and places it on the scanner. Can someone other than you pass this check?
Biometrics are a hard, mostly unsolved the problem, because the hard part is replacing the human security guard who verifies that you're scanning a real person's hand. For not super security sensitive applications TouchID, FaceID, and friends are good enough because most people aren't in Face Off or Mission Impossible.
The point here is that this is completely wrong. Biometrics can be stolen and they're unreplaceable. There's no device in the world that can be sure it's reading a fingerprint from a living human. Drop a quick query into Google, you'll find dozens of methods that fool Apple's TouchID and that's probably one of the more robust implementations as it makes it rather difficult to do something like replace the sensor and feed in fake data directly to the system. There's only so much you can do to tell human flesh from inanimate objects when all you have is a tiny fingerprint sensor.
> Biometrics is not transmitting a picture of a fingerprint, it’s presenting your hand.
Biometrics is read with sensors, sensors produce data, data can be copied. If you were to publish scans you would have effectively allowed anyone the information needed to fake your fingerprint and authenticate as you. That's the definition of compromise.
Also, you're discounting the possibility of multiple layers of biometric + non-biometric authentication. Password/Private-Key + retina scan + left big toe-print scan >= Password/Private-Key.
I also think there are ways to authenticate your identity outside of static data-points if there's a trusted 3rd party real-time system involved.
If you think of biometric auth as “the scan of your eye/hand/whatever is just a password” then I can’t help you and of course that system can be compromised. “Upload a PDF of your fingerprint" is the silliest auth system of all time.
What happens when you lose the local machine?
