In 2013, the iPhone came out with a new feature: Instead of a PIN or passcode, users could use their fingerprint to unlock their phone and various apps. People thought it was quite convenient; no remembering passwords or PINs, just hold your finger to the screen. But, like everything else it seems, fingerprint security has a dark side.

It can be easily hacked.

The whole point of fingerprint security is for it to be more secure; no one is supposed to be able to get into the phone unless they are you (or they cut off your finger movie-style and used it to access your phone). That’s not quite how it works, however. Hackers were able to get into a fingerprint-locked iPhone after only a week. On laptops it was even worse (keep in mind that the phrase “Windows security model” is almost as big a joke as “fingerprint security.”).

It’s not considered protected by the Constitution.

That’s right, folks. A VA court ruled in 2014 that while the government cannot force you to give up your phone’s passcode, they can force you to give your fingerprint to unlock it. See, you know a passcode; that falls under the 5th Amendment according to their logic—you can’t be forced to tell something you know that incriminates you. However, your fingerprint is something you have; therefore, they can “seize” that as part of their investigation.

a judge ruled that police, who suspected there was incriminating evidence on a suspect’s smartphone, could legally force the man to unlock his device with its fingerprint scanner. While the Fifth Amendment protects defendants from revealing their numeric passcodes, which would be considered a self-incriminating testimonial, biometrics like fingerprint scans fall outside the law’s scope.

I don’t write the crappy BS laws, I just write about them.

If they can’t hack it, they can now just copy it.

No need to mess with latex; just lift a good fingerprint (which of course they’d have anyway if they arrested you) and use an ink jet printer to copy. Or….Play-Doh. Yes, that’s what I said.

According to a paper published by Michigan State University researchers Kai Cao and Anil Jain, fingerprint scanners on Android devices can be duped with a high-resolution photo of the owner’s fingerprint. Photos need only be flipped horizontally and then printed on a certain paper with photo-conductive ink cartridges…As the Daily Mail reports, it was recently suggested that an iPhone could be broken into with Play-Doh – although it requires the phone’s owner to press their finger into the modeling material for five minutes.

If this isn’t creepy enough, there are plenty more biometrics being tested.

Meanwhile fingerprint scanners aren’t the only biometrics that manufacturers are experimenting with – heartbeat monitors are being trialled as a way to provide secure banking, and even wearables that measure your gait.

Sam Shrauger, Visa senior VP of digital solutions, told WSJ that Visa is involved with plans to make biometric mobile payments better and more secure. That could be, for example, using a consumer’s iris as a way to verify an identity. He suggested using multiple biometric authentication techniques — on top of a password — for the best password.

There are ways to get around all of this (such as using a strong passphrase), but the crux of the problem is simple: People don’t like inconvenience. They’ll trade their own security for convenience every time. Baaaaa.

Clef two-factor authentication