passwords and biometric authentication (archived post)

by benjamin hollon on april 25, 2022

Most modern devices include some form of biometric authentication: fingerprint scanners, facial recognition, or the like, some passwordless way for the device to tell who you are.

The device will also (almost always) have a passcode of some sort in case the biometric authentication isn’t working. Many people respond by setting a simple passcode so that it’s easy to let someone else use the device.

This strategy is severely flawed.

The Weakest Link

If you have a secure fingerprint scanner but a weak password, what do you think people trying to get in will target?

If you guessed the fingerprint scanner, you guessed wrong. Always assume that attackers will target the weakest link in a chain. I know someone whose computer password is “open,” no joke! (If you’re reading this, change it now!) While this person has valid reasons (that I’ll explore in a moment), they are leaving the computer “open” to attack. 😉

I’m going to throw down the gauntlet: people with biometric authentication should have far more secure passwords than people without. If you don’t have to type your password every time, you can afford to make it harder to type! You can afford to keep a strong random password in a password manager on a different device in case you get locked out. You may need it once every week, at most; it’s okay to take an extra minute once a week if the trade-off is that other people won’t be able to access your device without permission.

Problems with This

Some people may have concerns at this point. Let’s try to address them.

Sharing a device

Some people choose simple passwords so that it’s easy for them to share a device.

I’d like to break this news to you: your device supports multiple users. Create a separate user if there’s a single person who often shares your device, or create a dedicated guest user if multiple people often need it. If someone asks, simply log them into that, and they have zero access to your sensitive files but can still use your computer in peace.

If you need to let them share some files with you, put them on a flash drive! Simple as that. They’re sensitive files? Well, encrypt the drive. I can think of ways to do that on every operating system. (I’m not going to go into them now, but feel free to look it up.)

Creating new users is very simple, and can make your main user much more secure, as you won’t need to share your password with anyone else or choose a simple password for others’ sake.

Length

Maybe you just don’t want a long or hard-to-remember password. Well, okay. Here’s my suggestion: generate four random words, all lowercase, with spaces in between. (My password manager, KeePassXC, can do this.) That’s your password. Pretty easy to remember and type, but also very secure. I have a password like this, and it’s more than double the length of most other people’s passwords without being difficult to remember.

In fact, you don’t have to remember it! As I said, you can store your computer’s password in your password manager on a different device and access it if you ever need it. I’d still recommend generating random words, since that’ll be easier to type than a bunch of random symbols and letters.
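The four-random-words scheme above, worked out as an added Python example (this is not code from the post or from KeePassXC). It assumes a small constructed word list that stands in for the several-thousand-word list a real generator uses, draws the words with the operating system's cryptographic random source, and reports the resulting entropy so you can see why the size of the list matters as much as the number of words.

```python
import math
import secrets

# Constructed demo word list (an assumption of this example, not a real
# generator's list). A real passphrase generator draws from thousands of
# words; the EFF long word list, for instance, has 7776 entries.
SAMPLE_WORDS = [
    "apple", "river", "candle", "orbit", "meadow", "pixel", "harbor",
    "velvet", "lantern", "quartz", "saddle", "tundra", "willow", "ember",
    "falcon", "granite", "nimbus", "copper", "thistle", "marble",
]


def generate_passphrase(words, count=4, separator=" "):
    """Pick `count` words uniformly at random using the OS CSPRNG.

    Words are drawn with replacement, so each position is independent
    and the entropy figure from entropy_bits() is exact. The output is
    all lowercase with single spaces, matching the scheme in the post.
    """
    if count < 1:
        raise ValueError("count must be at least 1")
    # Deduplicate and lowercase so the pool size used for entropy is honest.
    pool = sorted({w.lower() for w in words})
    return separator.join(secrets.choice(pool) for _ in range(count))


def entropy_bits(pool_size, count):
    """Entropy of `count` independent uniform picks from a `pool_size`-word list."""
    return count * math.log2(pool_size)


def char_entropy_bits(length, alphabet_size=94):
    """Entropy of `length` uniformly random characters (94 printable ASCII by default),
    for comparing a word passphrase against a conventional random password."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    print(f"4 words from the 20-word demo list: {entropy_bits(20, 4):.1f} bits")
    print(f"4 words from a 7776-word list:      {entropy_bits(7776, 4):.1f} bits")
    print(f"8 random printable characters:      {char_entropy_bits(8):.1f} bits")
```

Four words from a 7776-word list give about 51.7 bits, roughly what eight fully random printable characters give (about 52.4 bits), while being far easier to type at a login prompt. Four words from the 20-word demo list give only about 17.3 bits, which is why the list itself must be large; use your password manager's built-in list rather than a handful of words you thought of yourself.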

Conclusion

If you have a device with biometric authentication, such as a fingerprint scanner or facial recognition, you have no excuse. Use a secure, random password today. Do what you need to, but your password should be more secure than it was before you got biometric authentication.

If this is you, go change your device passcode now to something secure.

There’s one small detail I haven’t told you yet: all of this is moot if you don’t have full disk encryption enabled on your device. I’ll be talking about it in my next article, so please make sure you’re subscribed; you don’t want to miss this!
