Fingerprint

Is there a reason Bulb can’t/ won’t allow access to App by either fingerprint or retina? Every other utility I deal with via App has fingerprint access. It is, for sure, more secure than password. Let’s face it, my banks do fingerprint or retina access and they actually have my money!!

It is, for sure, more secure than password[citation needed].

@Hooloovoo I agree. I dont want any serious accounts of mine attached to my fingerprint. It’s the reason I don’t use banking apps.

@Hooloovoo I agree. I dont want any serious accounts of mine attached to my fingerprint. It's the reason I don't use banking apps.

Exactly. Biometrics replace a username, not a password. I can’t easily change my fingers.

Using biometrics is more convenient but not more secure. I do use biometrics, but only on things I consider to be low to medium risk. I used to consider my banking apps to be in this category, since all you could do was look at the balance and make transfers to existing payees. But as banks add more features, and allow setting up new payees and other services, I’m no longer comfortable relying on just biometrics. There needs to be more granular control over security, where things can be defined as read-only with biometrics, and require permission escalation for anything more serious. I think the new open banking protocols will help here, but I’ve not looked into it in any great detail just yet.

In terms of the Bulb app, I’d consider it to be low risk that I’d be happy to use with biometrics. In fact I’d be more than happy for it to have no security and just remain logged in forever after first authentication, since my phone is locked anyway. There seems little point adding additional security to a low risk app, particularly so if that security is just a second touch of the fingerprint scanner that’s already just been used to unlock the phone in the first place. When you combine this with the fact that one opens the Bulb app once or twice a month at most it seems hardly worth the development effort.

I’ve just realised the OP also mentioned access by “retina”. Does any consumer device even do iris scanning never mind retina? I doubt it. I guess they’re confusing retina scans with face unlock, which has already been demonstrated to be easily fooled.

@Hooloovoo I know samsung devices since the s8 have had iris recognition but it’s pretty rudimentary. Its fooled usually by a picture of you.

I’m currently in the process of refreshing all of my major passwords to more secure ones too.