![[Blurry fingerprint picture]](/wp-content/uploads/2016/02/2016-02-11-09.58.43.jpg)
Even worse than 1234?
http://www.nrk.no/troms/kvinne-kan-bli-tvunget-til-a-apne-telefonen-med-fingeravtrykk-1.12723383
While waiting for a final decision above, another case appears outside Bergen (Norway), where a lower court allows the police to use force (…) to unlock a fingerprint protected phone in their chase for evidence:
http://www.ba.no/nyheter/politi/kriminalitet-og-rettsvesen/politiet-far-tvinge-27-arings-tommel-ned-pa-mobilen/s/5-8-274391
US courts have already ruled (http://www.wired.com/2013/09/the-unexpected-result-of-fingerprint-authentication-that-you-cant-take-the-fifth/, http://www.macrumors.com/2014/10/31/fingerprints-not-protected-by-fifth-amendment/) that you cannot use the fifth amendment, as the police have the right to collect all your fingerprints, and using those prints to unlock any fingerprint device you may have is not a violation of the fifth amendment (“no person shall be compelled in any criminal case to be a witness against himself”). At the time being this applies to fingerprints specifically, and the future will eventually show of other biometric authentication schemes may become subject to the same type of ruling. A pin or password on the other hand is protected equally in Norway as in the US, you have the right to remain silent, and it can be forgotten.
While I still support and recommend the use of 2-step verification / 2-factor authentication, I have absolutely no doubt that biometrics as a single factor should be considered less secure than even the simplest of 4-digit pin codes for physical access to a device.
The way fingerprint ID is implemented into smartphones and tablets today, they essentially work as a time-limited 2SV solution, where you identify by pin/password at boot, and then use fingerprint as 1FA for ease of access to your device. This leaves a time-limited window of opportunity to forced access using your fingerprint, which is a new risk in addition to other forensics access tricks.
Any counterarguments?