Welcome to Ask Jerry, where we talk about any and all the questions you might have about the smart things in your life. I’m Jerry, and I have spent the better part of my life working with tech. I have a background in engineering and R&D and have been covering Android and Google for the past 15 years.
Ask Jerry is a column where we answer your burning Android/tech questions with the help of long-time Android Central editor Jerry Hildenbrand.
I’m also really good at researching data about everything — that’s a big part of our job here at Android Central — and I love to help people (another big part of our job!). If you have questions about your tech, I’d love to talk about them.
Email me at askjerryac@gmail.com, and I’ll try to get things sorted out. You can remain anonymous if you like, and we promise we’re not sharing anything we don’t cover here.
I look forward to hearing from you!
How safe is it to use your fingerprint?
Charles asks:
I’ve heard you and others say using your fingerprint to unlock your phone or apps isn’t the best idea. Why? Is it not as safe as they tell us? I’m curious as to why people think this.
Thanks
Hi Charles and thanks for asking a great question that also calls me out for things I’ve mentioned and not properly explained. That’s important to do and it helps me remember that I’m not just talking to a room full of techie nerds.
I can’t speak for everyone, but some others and I think fingerprints aren’t the best way to provide credentials because they’re not a password—they’re your identity. It’s also one of those things you can never change if you need to.
Regarding security, yes, if you try really hard, you can “crack” a biometric sensor like a fingerprint reader. It’s extremely complex and riddled with failures before it would ever work, but if something seems important enough, someone will keep trying until they are successful. Think latex, 3D dental printers, and more spy-movie-style shenanigans.
Like most things surrounding security, this makes it more than acceptable. For most of us, nobody is ever going to try that hard to get into our stuff, even if they have a perfect copy of our fingerprints. And when they start trying, they have to find a way around Android or iOS blocking them after a bunch of failed attempts. I’m saying use your fingerprint without any worries that it gets hacked unless you’re the president of a country or a multi-billionaire.
I quickly mentioned that it’s not security that makes me think a fingerprint is not the right solution, so let me explain. Note that this doesn’t make me right or wrong; it’s just a popular idea among people who nerd out trying to break things.
Your fingerprint is your username. You are Charles, and your fingerprints will always say that you are Charles, like mine always will say I’m Jerry. Using one as a type of passcode, while secure, has a few issues.
The biggest is that you can never change them. Let’s say in 2026 someone finds a way to crack the encryption that keeps biometrics safe. If you have all of your devices and accounts protected by a fingerprint, there is nothing you can do to change it other than stop using your fingerprints and never use them again.
You will always be Charles, and you will always have Charles’ fingerprints. If Joe gets a digital copy of them, they are worthless for protecting anything from Joe. Once Joe can do it, everyone can do it.
I doubt someone will be able to crack into enough encryption to make fingerprint data something they can use, but anything is possible, and we both know people are trying to do it. People are trying to do everything, it seems.
Google and Apple are both working on new ways to secure your devices and accounts. In conjunction with folks like the FIDO Alliance, traditional passwords are becoming things like passkeys, and eventually, you might not ever use your fingerprint again.
I don’t like any of the current solutions for one reason: corporate ecosystem lock-in. I do not want to have to rely on Google, Apple, or Microsoft to make the right decisions surrounding my accounts and how I log into them every time. If I commit to Google’s emerging passkey system, what if I decide I no longer want to use Google for any of my hardware or software needs? Will I be able to keep my accounts and be able to log into them with Google behind it? Maybe. Maybe it isn’t good enough.
I don’t know a better way. Managing secure login procedures is not something people can do themselves, even though they think they are able to. I currently use a Yubico security key and have two backups because a small security key is easy to lose. I don’t recommend my way to anyone, even though it’s easy and secure.
What I do recommend is your fingerprint. Yes, I still think there has to be a better way, but until someone finds it, fingerprints work and are safe to use.