Block’s hardware wallet to use fingerprint biometric authentication
Payment firm Block (formerly known as Square) has confirmed that fingerprint biometrics will be the main method of authentication for its upcoming hardware wallet, according to a blog post from the firm.
“We believe PINs, passwords, and seed phrases are confusing and often not secure given the workarounds normal people have to create given all the friction,” the post reads.
“Instead, to achieve seamless authentication in practice, we plan to incorporate a fingerprint sensor into the wallet hardware.”
To preserve users’ privacy, Block said fingerprint biometric data will never leave the device. The code behind the technology will also reportedly be available to an independent community that will be able to inspect and verify it.
The firm also confirmed that, as the company builds the product, it will also evaluate additional access methods that customers could opt into in future.
Further, Block said it will equip the wallet with a rechargeable lithium polymer battery and USB-C port, and without a display as the accompanying app will be the main interface.
“We’ll get into this in more depth in a future post, including how we’re thinking about security considerations; for now, we’d like to hear from you.”
To this end, Block has set up a Twitter thread, where users can comment and share their privacy and security-related considerations.
Several users on the social media platform criticized Block’s choice not to include a screen in the wallet, saying that a way to double-check transaction details was paramount to the security of final settlement operations.
Removing the screen from a hardware wallet defeats the entire (!) point of having a hardware wallet.
If you cannot verify what the host device is sending to your hardware wallet, you cannot verify what it’s signing.
Blocks hardware wallet sounds more and more like a 2FA dongle. https://t.co/dgVZLFx0bS
— Joko ⚡️ (@jokoono) March 11, 2022
The choice of fingerprint biometrics for authentication was also heavily criticized, in this case by Bitcoinist. The crypto publication cites potential biometrics vulnerabilities identified in a 2019 IFSEC Global article, though also noting that the risk of a ‘honeypot’ is mitigated by the biometric data remaining on-device.
The company has not yet publicly responded to these comments.