# How to secure fingerprint data?



## SmartestVega (Jan 19, 2018)

Our apartment association is planning to implement biometric gate passes (fingerprint turnstile) for all residents. But residents are bothered about the data privacy of the fingerprints that are stored in databases. This data resides on association hard disks, which are intended to be accessed by some contract employees working in our apartment.

How can I make sure the data is secure and not misused/sold?

Can someone explain how?


----------



## tristar (Aug 12, 2008)

AFAIK, there is no way to prevent your data being leaked; loopholes will always be found. You can make the monitoring more effective. The more ideas you get, the more money you will have to shell out.

What you can do though is:
- Set up some kind of comprehensive audit logging as to who is logging in as DBO/DBAs, who is accessing the system, active logins at a given point in time.
- Set up a 2 person key/authentication, where one is for the contractor and the other is one of the residents/association secretary/president so core changes are done in their presence.
- Ensure that this setup does not connect directly to the external network and stays completely intranet.
- Instead of using biometrics, switch to something like a mobile phone app with pass authentication.
- If this is the only option, try switching to maybe the little finger instead of your thumb or forefinger impression.


----------
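One way to implement the "2 person key" item from tristar's list, as an added example that is not part of any post in this thread: the key that encrypts the fingerprint template database is split into two shares, one held by the contractor and one by an association officer, so neither can unlock the data alone. The function names, the 32-byte key size and the check-value label are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # assumed: 256-bit key protecting the fingerprint template database
CHECK_LABEL = b"template-db-key-check"  # assumed label for the key check value


def _check_value(key: bytes) -> bytes:
    """HMAC of a fixed label under the key; safe to store next to the database."""
    return hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()


def split_key(key: bytes) -> tuple[bytes, bytes, bytes]:
    """Split the key into two XOR shares plus a check value.

    share_a is uniformly random, so either share on its own reveals
    nothing about the key; both are needed to rebuild it.
    """
    share_a = secrets.token_bytes(len(key))
    share_b = bytes(k ^ a for k, a in zip(key, share_a))
    return share_a, share_b, _check_value(key)


def combine_shares(share_a: bytes, share_b: bytes, check: bytes) -> bytes:
    """Rebuild the key from both shares and reject a wrong or altered share."""
    if len(share_a) != len(share_b):
        raise ValueError("shares have different lengths")
    key = bytes(a ^ b for a, b in zip(share_a, share_b))
    if not hmac.compare_digest(_check_value(key), check):
        raise ValueError("shares do not reconstruct the enrolled key")
    return key


if __name__ == "__main__":
    db_key = secrets.token_bytes(KEY_LEN)           # constructed sample key
    contractor, officer, check = split_key(db_key)  # hand out one share each
    assert combine_shares(contractor, officer, check) == db_key
    try:
        # The contractor alone, guessing the second share, is rejected.
        combine_shares(contractor, bytes(KEY_LEN), check)
    except ValueError as err:
        print("rejected:", err)
```

The reconstructed key should exist only in memory for the duration of the maintenance session, and each reconstruction is an event worth recording in the audit log mentioned in the same list.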



## pcride (Jan 29, 2016)

So it’s hacked, then what? A DB of images. Gummy bear attack I suppose but that would require converting fingerprint images to raised patterns. Which the likelihood of Joe's Network Company going into your DB has the knowledge to do that. Also depends on the technology at the gate, what does that vendor have regarding security?

Personally I think biometrics at an apartment complex is too extreme unless you're talking a high dollar complex.
And even then! Most super secure companies won’t have this at the front door. RFID cards would be easier to manage and easier to disable someone’s card and issue a new one than cut someone’s finger off, or now they need to use their pinky to authenticate!


----------



## Masterchiefxx17 (Feb 27, 2010)

Fortunately, the database isn't holding a bunch of pictures of everybody's fingerprints. What it stores is a string of bits that match up to your fingerprint.

There's a few things protecting you here. One, the data captured from your fingerprint doesn't contain much value other than some 1s and 0s. I doubt even with this data you could correctly create a falsified fingerprint.

Second, there is a good chance that whatever tool they are using comes with built-in encryption of some type. It is a security tool and most security-based companies will add in their own protection.

Third, it's an apartment building. Very few are going to spend the time to actually hack what is practically useless data. :wink:


----------

