Security Encyclopedia

Fingerprint Authentication

Fingerprint Authentication is the act of verifying an individual's identity based on one or more of their fingerprints. The concept has been used for decades in a range of settings, including digital identity, criminal justice, financial services, and border protection.

Fingerprint authentication or scanning is a form of biometric technology that enables users to access online services using images of their fingerprint. The biometric scan commonly relies on the native sensors of mobile and other devices, which have all but eclipsed software-only, third-party biometric algorithms. Some fingerprint scan solutions are architected in a decentralized model such as FIDO, which ensures a user's fingerprint template is secured on the user's device. Here, a user's fingerprint scan is verified locally against the template held on the device, a token is sent to the service provider, and access is granted. The biometric authentication takes place locally, and the biometric data itself is never stored at the service provider (true secret).

Other fingerprint scan solutions are architected in a legacy centralized scheme in which user templates are stored at the service provider, and matching is done against a library of all other users' biometrics (shared secret). These systems are commonplace in criminal justice, border protection, and national security settings. Lastly, some fingerprint scan systems (e.g. in government) rely on specialized hardware found at the point of care, access, or sale.
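The decentralized flow described above (local match on the device, then a token to the service provider, with the server holding no biometric data) as an added Go example; this is illustrative code written for this entry, not FIDO's own code or a page source. It assumes an ECDSA P-256 device key, a byte-exact comparison in place of a real sensor's similarity scoring, and constructed template and challenge values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Device keeps the only copy of the template and the private key it unlocks.
type Device struct {
	template []byte
	priv     *ecdsa.PrivateKey
}
// Server holds just the public key, so a breach of it exposes no biometric data.
type Server struct{ pub *ecdsa.PublicKey }
// Enroll creates template and key pair on the device; only the public key is registered.
func Enroll(template []byte) (*Device, *Server, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	d := &Device{template: append([]byte(nil), template...), priv: priv}
	return d, &Server{pub: &priv.PublicKey}, nil
}
// Assert matches the live sample locally (exact compare stands in for a sensor's
// similarity score) and signs the server's challenge only on success.
func (d *Device) Assert(sample, challenge []byte) ([]byte, bool) {
	if subtle.ConstantTimeCompare(sample, d.template) != 1 {
		return nil, false // no match, no token: nothing is sent to the server
	}
	h := sha256.Sum256(challenge)
	sig, err := ecdsa.SignASN1(rand.Reader, d.priv, h[:])
	return sig, err == nil
}

// Verify checks the signed assertion with the registered public key.
func (s *Server) Verify(challenge, sig []byte) bool {
	h := sha256.Sum256(challenge)
	return ecdsa.VerifyASN1(s.pub, h[:], sig)
}

func main() {
	dev, srv, _ := Enroll([]byte("constructed-template-A"))
	challenge := make([]byte, 32)
	rand.Read(challenge) // fresh server-issued nonce per login attempt
	sig, ok := dev.Assert([]byte("constructed-template-A"), challenge)
	fmt.Println(ok && srv.Verify(challenge, sig))
}
```

Note that the server's only persistent secret-adjacent state is a public key, which is the property that distinguishes this model from the centralized scheme described next.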


"The OPM (Office of Personnel Management) breach in June 2015 was the largest theft of biometric data, namely fingerprint templates, in the history of the US Government. The loss of such sensitive biometric data led to a debate over how it should be stored and protected."