Back to all blog posts

Giving Privacy a Hand

Or just your finger in this case.

Today for lunch, I went to Wendy’s.  I strolled up to the counter and, when the cashier took my order, I noticed something awesome.  The person running the register had to use their thumb to access the terminal.  This is sheer genius, I had to know more.

It was very basic in concept, you log in with your thumb print, so there is no question as to who is accessing the terminal or entering orders.  It also has a small privacy bonus.  In high school I worked for a small restaurant chain in Massachusetts that had a similar, albeit flawed, system. Every staff member had a card, which you would swipe to enter your orders or cash out a customer.  The issue was that anyone could use anyone else’s card.  It was hard to take care of, and if you lost or forgot your card, it was easier to borrow someone else’s than get a new one.  In other words, a server could ring up a couple burgers with my card, enter an incorrect order, and leave me with the responsibility of dealing with customer and managerial backlash.

Wendy’s system removes a lot of these issues.  First off, you cannot really borrow someone else’s thumb without them knowing.  This removes any question of who logged in when or entered an order.  Also, you cannot lose your thumb without knowing it (If you do, please consult a medical professional).   Finally, and best of all, the cost is only related to the scanner and software, along with any upkeep or maintenance. With limited exception, every employee you hire comes with their own login information.  This saves money, time, and leads to better privacy for their employees.

Of course, there are hacks to defeat biometric security. My favorite for fingerprints is the “gummy bear” hack. It is demonstrated by the Mythbusters™ in the following video using ballistic gel as well as latex as well as some other fingerprint defeating techniques.

While Wendy’s may not have the biggest implications for privacy, this could apply to anywhere.  Work at a pharmaceutical company and need to have secure two factor authentication?  Make one login a thumb print and the other a strong password.  The same applies to Research and Development at any company in any industry.  This kind of security measure allows you to keep information safe, whether that is a chicken sandwich with a diet coke, or the source code to your software.