Fingerprints Don't Make Good Passwords for Secure Mobile Payments

Sign2Pay Mobile Payments

Biometrics are now taking center stage in authentication, even to the point of being used for secure mobile payments. It all started with the laptop fingerprint reader that authenticated who you were and could be used instead of a password. Simple enough.


A few years later, Apple incorporated a fingerprint reader into its mobile phones, and the fingerprint ruled as the preferred method for unlocking the phone. Other phone manufacturers followed. You had the option to use either a four-digit code or pattern, or your fingerprint, to unlock your phone.

Fingerprint: Password or not?

This raises an interesting question: is a fingerprint a password or a user ID? In the case of the four-digit code or the pattern, both can be changed as per the user’s needs. Both have thousands of combinations.

Your fingerprint, well, that’s just plain limited. At best you have 10 options and most people have programmed between two and four sets of fingerprints into their phone to unlock it.

Contrary to popular thinking, a fingerprint is not a password. It represents you and as such, is your User ID.

Passwords are not fixed.

A password’s main characteristic is that it can be changed and can vary in length. A fingerprint can do neither.

Fingerprints should only be used as a User ID. Think about it: you cannot change your user ID on many platforms (Gmail, Twitter, etc.), but you can change your password. This ability to change does not apply to fingerprints. They are fixed and unique, which makes them highly inefficient for secure mobile payments.

They are great to announce you but not to authenticate you.

When it comes to fingerprints, we’ve somehow morphed the two, authentication and passwords. With the introduction of Apple Pay, the payment authentication is provided by the fingerprint. You simply touch the home button and voila! Payment has been authorized. But what if your fingerprint is compromised? What then? If history has taught us anything, it is that nothing is secure.

For those of you who cite that Apple’s Touch ID is secure, you might want to read up on how the CCC was able to hack into Touch ID. Even Apple Pay mentions that for transactions over a certain amount, a signature might be deemed mandatory by the acquiring bank.

Variable biometrics and biometric-based gestures are some of the best options for secure mobile payments. Voice biometrics is an excellent password, and so is the signature.

Signature is a great Password

Let’s talk about signatures. Unbeknownst to many, a signature on a touch device gives over 12,000 data points. Let this sink in - 12,000+ data points.

Speed, velocity changes, pixel coordinates, angles, touchpoints, number of strokes, edges, sharpness, and entry and exit points are just a few security parameters worth mentioning.

Fingerprint and Signature

The best way for fingerprints and signatures to coexist is to use them as User ID and password respectively.

A fingerprint tells a system who you are, and a signature authenticates your identity as per your pre-arranged mechanism of verifying yourself, i.e. your signature.

Sign2Pay uses over forty comparative features, and we can guarantee payment once a signature passes verification.


Not only is our authentication technology easy to use and intuitive, it is almost impossible to forge and therefore ideal for secure mobile payments. If you have a touchscreen mobile device, simply head over to this link and see if you can fool our system: We double dare you!

