For young couples, major relationship milestones used to look something like a borrowed letterman jacket or a shiny key to an apartment — a show of trust and commitment, and a means to say, what’s mine is yours.
Younger millennials and Gen Z teens, more tech-savvy and less privacy-keen than generations before, have kept the sentiment, but replaced lending their letterman jacket with swapping biometric passwords like a fingerprint or facial recognition ID to access their partner’s phone.
As smartphones like those made by Apple and Google increasingly move toward biometric access, younger users lean on the convenience of a single tap or look, over traditional passcodes. And with the option to store multiple fingerprints or facial appearances, couples are lending a finger for easing unlocking of their significant other’s device.
“I think that inherently, people desire to share themselves and to be known. Sharing your phone fingerprints demonstrates trust between two people, and that you are OK with being known by that person, and that they’re OK with you knowing them too,” said Emma Clarke, a 24-year-old living in New York City who’s previously swapped fingerprint biometrics with a boyfriend to access his phone.
“People like having a special connection with someone that others don’t have and showing it off. It’s the modern version of putting your boyfriend in your top friends on MySpace,” Clarke said.
Most of the young couples I talked to noted the convenience of having one-tap access to a significant other’s phone. Switch the song while she’s driving, check the recipe while his hands are busy cooking. Her phone has apps his doesn’t.
Still, sharing a numerical code could grant access for those occasions, which is what several 30-plus-year-old couples told me. Several Gen Xers or Baby Boomers I asked hadn’t ever considered swapping fingerprints, and weren’t easily convinced by a list of conveniences.
Storing a partner’s biometric data seems to be a uniquely younger compulsion, and likely tied to the typical millennial nonchalance around cybersecurity that comes with a digital childhood and regular headlines of data breaches. Younger generations are more used to, even more comfortable with, the risk of having sensitive information stolen, so sharing an otherwise strong security metric doesn’t register as risky.
In the digital age, sharing a biometric password — or a social media password, for example — is something akin to sharing finances with a partner, according to sex and relationship expert Tammy Nelson.
“The whole idea of sharing levels of technology, sharing levels of passwords, levels of transparency on their phone, their social media,” Nelson said, “our privacy has become about intimacy.”
Nelson said storing a partner’s fingerprint shouldn’t be taken lightly. A password can be changed, she said, but a biometric is harder to replace.
“It’s a little bit of the naivete that, this is going to last forever, nothing is ever going to go wrong, we’re always going to respect each other’s space,” she said. “What you think is private and secret, the other person probably has a much different idea, but you assume you mean the same thing, and that’s the beginning of the betrayal.”
The primary risk in sharing biometric access, according to cybersecurity expert and former prosecutor Patrick Doherty, is whether the person you trust with access could later become untrustworthy.
In the event of a falling out, a partner with device access could steal information or act publicly online on your behalf — post on social media or send a damaging email, for example. There’s also recent legal precedent that says law enforcement can compel someone to unlock a smartphone with a biometric, said Doherty, associate managing director at cybersecurity advisory firm K2 Intelligence.
“If they do have a biometric that is contained or provides access to an account or device that may be linked with criminality … I would see instances where you would be able to compel a spouse,” Doherty said. “I think it certainly gives law enforcement more individuals to look for.”
Google smartphones and older iPhones that still feature the Touch ID system allow users to store up to five fingerprints. Newer iPhones do away with Touch ID in favor of facial recognition, but even Apple’s Face ID now allows for an “alternate appearance” on the most recent operating system.
Apple’s support pages for Face ID and Touch ID don’t explicitly caution against sharing biometric access. Google’s Pixel support page does, but in relatively mild terms, saying only “anyone whose fingerprints you add will be able to unlock your device and authorize purchases with your account” and noting that secondary users should store their fingerprints as part of a separate user profile.
It’s safest to keep your fingerprints close, though, according to Alan Brill, senior managing director for cyber risk at Kroll Experts.
Fingerprint scanners like Apple’s Touch ID don’t match an image of the fingerprint to a previously taken image, Brill said. Instead, they unlock a device by using an algorithm to translate the image into a string of characters, and match the characters to a previous translation.
Similar devices by the same company typically use the same algorithm, Brill said, and so the act of scanning your fingerprint across multiple devices is similar to entering the same password across multiple websites around the web — a practice long denounced by security experts for its heightened risk of breach.
“It doesn’t take long until you run out of fingers. So as we go to more and more biometrics, it becomes increasingly vital that the technological infrastructure behind that biometric — how it’s stored, how it’s transmitted, how it’s used — has to be very, very secure,” Brill said.