If you haven't noticed, computer keyboards and laptops in the Windows PC world have lately been sporting a little pad for reading fingerprints.
Notice the fine print at the bottom of this page, which I'll quote here in case it goes away:
Microsoft Fingerprint Reader
"The Fingerprint Reader should not be used for protecting sensitive data such as financial information, or for accessing corporate networks. We continue to recommend that you use a strong password for these types of activities."
Why do you suppose Microsoft and all those hardware makers would go to all the trouble to add a fingerprint reader to laptops and keyboards, and then advise you not to use it?
Probably because they know something that the average consumer doesn't: these devices can be spoofed.
It's only a matter of time before there are clear, step-by-step instructions available on the internet for lifting a fingerprint and applying it to a model finger for spoofing purposes. Heck, there might be some online now, and I just haven't seen them yet.
Biometric Devices and Fingerprint Spoofing
Faking fingerprint readers (or other biometric devices) - a collection of links and papers
Failure of fingerprint locking system in prison in 2005
If you think about these things for a minute, you would never touch one without wearing a glove. Where is the digital fingerprint stored? That's right, on the same rootkit-infested Windows PC prone to worm and virus attack.
Will rootkits soon be intercepting the fingerprint data and adding that to your stolen profile information in that giant hacker database in the sky? You can bet they will, because you can be assured that not everybody read the fine print. These devices are so common on laptops now that there are undoubtedly some juicy bank accounts "protected" by the Microsoft Fingerprint Reader.
The bad guys will have your biometric data in a database long before the FBI gets it done, because the bad guys do all this stuff with the lowest possible overhead. They just add another routine to their worm / virus / trojan / rootkit package and it flows out to all the zombie PC systems on the net that day. Since their data flows are mostly encrypted nowadays, it might already be happening and we just haven't proven it yet.
Friends don't let friends use fingerprint readers. At least not today, when they are so clearly peddling a false, and perhaps even criminally negligent, sense of security. The people selling these things ought to know better. Oh, that's right. They do know better. Hence the fine print.
--
NOTE: Thanks to my good friend Joe S. in Tucson, Arizona for asking me, "would you touch one of these without a glove?"
Comments
Wherever you really need security, it is very simple: you DO NOT use this device, which is, however, great (for its purpose).