Connect with Joseph Steinberg
#VowForGirls - Joseph Steinberg


Join the Viral Campaign to Help End Child Marriage – But Do So Without Endangering Your Own Security

Join the Viral Campaign to Help End Child Marriage – But Do So Without Endangering Your Own Security

Please help bring an end to the cruelty of child marriage –  without endangering your own security.

It may be hard for many people to believe, but, even today, in 2020, millions of young girls around the world are still being forced into marriages years before the child-brides even approach adulthood.

VOW To End Child Marriage (VOW) – the global initiative that empowers couples, companies, and the wedding industry to help end child marriage – recently launched “Take the #VowForGirls,” an inspirational campaign that is raising both awareness of the child marriage crisis, and funds to help combat it.

The campaign video – a nod to a traditional wedding vow – encourages viewers to share photos of themselves raising a hand as if taking a vow, and, thereby,  to “Take the #VowForGirls;” while the original campaign ran from October 5-11, and raised money from sponsors who contributed $1 per post, like many other social-media campaigns, VowForGirls is now enjoying delayed virality, and many people are currently making related posts.

Of course, I encourage people to participate (as I have also done), but, please do so safely. Showing the world your fingers “up close” in photos posted online can create security problems – specifically, doing so can enable criminals to steal your fingerprints. Seriously.

In 2014, for example, a hacker successfully copied a German minister’s prints from high-resolution photographs of her, including from one image that was, at the time, made publicly available by a German government press office. In 2017, researchers from Japan’s National Institute of Informatics (NII) demonstrated how they could easily copy fingerprints from photos taken by a digital camera positioned as far away as just under ten feet away from a person; of course, today’s cameras are several generations more advanced, and sport better image quality than those of 2014 and 2017 – potentially exacerbating the likelihood of fingerprints being lifted from images.

So, before sharing photos of yourself taking the #VowForGirls, please blur any visible fingerprints. (Blurring your palm may also be a good idea.)

That said, I want to be clear that I am not endorsing fingerprint-based authentication; as I have said many times before, contrary to what many people have come to believe, fingerprints are almost never an appropriate way to authenticate people.

Every day, people leave fingerprints in thousands of publicly-accessible places from which anyone, including criminals, can easily lift them – would any rational person trust a password to secure anything sensitive if he or she wrote the password on thousands of pieces of paper, and placed such notes all over his or her office, home, car, gym, and in restaurants, on trains, planes, and buses, etc.? Does it really make sense to allow a phone to be unlocked with a fingerprint that has been left all over the device while holding it, and which a criminal who steals the phone can potentially lift? Also, keep in mind that while it is easy to reset a password after it is stolen, resetting fingerprints is quite a bit more difficult (and painful!)…

But, yet, despite the obvious problems with doing so, we know that many people and organizations trust fingerprints for authentication. So, please be sure to take proper precautions whenever sharing photos that show your fingerprints, including when you share your #VowForGirls image.

There are additional risks inherent in using fingerprints to secure and unlock devices; if you currently use fingerprints for authentication, be sure to learn about the downsides before deciding for yourself how you would like to proceed. For more information on this topic, please see my Forbes article, Why You Should Not Use Smartphone Fingerprint Readers.

(Testing a security feature – הפעלת כרטיס כאל)

Continue Reading

More in CyberSecurity




* indicates required