I’ve always found it helpful to think of two computers.
One of them is beige and from the 1990s. It has a keyboard and screen into which you type in your regular username and password. It is the computer that you actually use to get things done.
That computer is behind another fancier one though. The fancy one has a fingerprint reader and a robot arm. It reads your fingerprint (possibly incorrectly) and turns it into a password (also potentially with inaccuracies). The password might literally be “thumb with two loops that are 2034 pixels apart”.
The robot arm on the fancy computer then types the generated password into the 1990s computer. If anyone sees the password being typed, you’re out of luck. You can’t change your fingerprint to something different. There are no other inputs to the fancy machine. You’ll just have to use another finger.
You certainly wouldn’t be able to generate a meaningful username with the fancy computer. (Which is a finer point than simply fingerprints = usernames.)
What’s different with the Yubikey is that it’s trusted, portable and tamper-proof. It’s considerably harder for an attacker to intercept my fingerprint on the fancy computer with the fingerprint and robot arm if it’s either stuck in a USB port or in my pocket on my key chain.