Gym chain 24 Hour Fitness is getting some attention for a new program that uses members’ fingerprints to replace the gym’s existing photo ID system.
A rep for 24 Hour Fitness says that even though the system scans members’ fingerprints, they have no plans to keep the prints on file. He says that members will select a PIN, then have their fingerprints scanned. This will generate a second code number.
“What we actually store is the number that is generated by the scan,” explains the rep. “We’re not actually keeping an image of your fingerprint. We’re storing a number.”
The rep says that the program is optional, so for those who balk at the idea of having their prints scanned at all, they will still be allowed to use their photo ID. He claims that test markets for the fingerprint program have seen “97 percent of our members had decided to opt in to the new system as their preferred check in… Overwhelmingly, it’s been positive.”
What do you think of this system? Is gym fraud that rampant that it requires fingerprint scanning? Or maybe they just don’t want Bayan Rabbani spending another 24 hours in one of their gyms…
24 Hour Fitness implements new fingerprint program [Santa Cruz Sentinel]
Thanks to David for the tip!
More From Consumerist
-
Who Has The Right To Use An Empty Exercise Room At The Gym?
-
Should Group Fitness Classes Stay Out Of Public Parks?
-
Neither L.A. Fitness Nor American Express Care That Customer Was Overcharged Hundreds Of Dollars
-
Looking For Love In All The Wrong Places? Try Walmart
-
Everyone Compares This Korean Fitness Device To The Shake Weight For Some Reason
I’m guessing people don’t want to carry their membership card in so they would rather scan their fingerprint?
Kinda hard to lose a finger…
It all depends on how klutzy you are.
They probably don’t want people to share a membership
The 24 hour fitness locations here require that patrons have a photo ID on them in addition to the membership card. They refuse to scan the membership card until one presents gov issued photo ID of some sort.
This is rich. If you thought it was bad when a company’s servers get cracked and someone steals millions of credit card numbers, wait until they steal the “Digital representation of your finger”. The card numbers can be revoked where as your fingerprint’s “code” can never, ever, ever, never, ever be revoked.
Woops.
it would be nice to carry less cards in my wallet.
My gym has fingerprint scanners and its awfully convenient.
My gym has the mini keychain membership cards. Most folks take their keys to the gym so it seems to work out pretty well.
+1 for convenience
-1 for privacy
Because a numeric hash derived from your fingerprint scan is somehow less private than giving the gym your driver’s license and credit card number when you sign up? Or your checking account and routing number?
Yes:
But there’s not much anyone can do to help protect you from a gummy bear attack.
Not really. They basically hash your fingerprint, it never gets stored.
That equals zero so you break even. No harm no foul.
Personally, I’d prefer a retinal scan…But I don’t belong to a gym, so I guess fingerprints are cool too…
I’m constantly dropping my ID card while I’m at the gym so I don’t mind having one less thiing to lose.
I have gone to a 24-hr gym with a fingerprint system for two years. Maybe once every two months, the system has a hiccup and I can’t get in, but it’s also comforting that my moochy family members can’t try to steal my pass like they did at the Y.
“97 percent of our members had decided to opt in”
Sounds like those referendums Saddam or Hitler held
FTW! That was my first thought too.
Fitness club to murderous regime is just a *tiny* bit of a stretch, don’t you think?
oh come on, it was funny.
Lighten up.
Whoaaaaa… a double Godwin! WHAT DOES IT MEAN?
Upon reading this article, the following Daily WTF story came to mind:
http://thedailywtf.com/Articles/Cracking-your-Fingers.aspx
Sounds like something I read on The Daily WTF : http://thedailywtf.com/Articles/Cracking-your-Fingers.aspx
It sounds like the rep is telling the truth. Biometric scanners use minutae – the points where your fingerprints join or diverge – to develop a map that identifies you. That result gets compared against your actual fingerprint when you scan it.
Maybe these technologies wouldn’t inspire such fear if people were better educated. Then again, the government lies about photographs from those TSA scanners, so how do you trust anyone?
Those weren’t TSA scanners. Those scanners were used by a courthouse in Florida.
I’d rather just have an electronic key fob on my key ring.
I’ve been to places that have hand or fingerprint scanners instead of ID scanners. They’re terrible. With the amount of people coming in, the things need to be wiped down constantly or they get so gunked up with oil and grime that they can’t read the print properly.
Right, because those Pay-By-Touch systems you used to see in grocery stores were a really big hit and they were sooo convenient and everyone uses them now – oh wait, they don’t? /sarcasm
Well, that scheme failed because the owner was a convicted drug dealer who ran the company into the ground. PaybyTouch was fantastic, and I really miss having it at the local grocery store.
My gym has a sign-in sheet… no weird privacy thing, no cards to carry around. The best of all worlds.
What, do you go to Average Joe’s Gym?
A Local, Mom-and Pop-Gym. $265 for the year (if you pre-pay), there’s no list for the machines, includes all classes, has a pool, steam room and jacuzzi. It’s the best gym ever.
You obviously didn’t get the joke… its from the movie Dodgeball…
Oops. You got me, not a fan.
It’s also faster if there are a bunch of people coming in. That way it’s just a quick press of the thumb scanner instead of handing your card to the person at the desk and waiting while they scan each one.
That being said I work in IT and my thumbprint gets me into some pretty secure areas. I’d be uncomfortable using my thumb print for something like that. I’d try and use a different finger.
I would actually welcome this at my gym. The trouble is that my gym has two levels of membership and different locker rooms to go with them. So you need your membership tag not just to get into the building but also into the locker room. And that means you have to carry the tag with you to your workout, which is inconvenient. If I could swipe into the locker room with a fingerprint, that’d be good.
Of course, I don’t know how well fingerprint scanners work of people who’ve been in a swimming pool for the last 2 hours.
It’s definitely optional. My gym put them in recently, and everyone is still opting to use the ID cards… I haven’t seen a single person use the fingerprint scanners. The staff (wisely) are saying nothing and pretending like the fingerprint scanners aren’t there.
So I work for a university where we have a student ID card. Our rec center is going through the exact transition and they come to us because we use biometric access in some of our buildings. (places where security has to be high because of the sensitive nature of the materials) Our system does not store finger prints. Our system reads the minutiae (http://bit.ly/cbjHdL) and stores an algorithm from the finger print. Each individual is assigned a unique id number based on the minutiae. The reason our rec center wants to use bio for access is because our students often forget their id cards and they tend not to return to the gym a second time. Obviously the gym wants students to take advantage of the service. So, as an administrator of this type of system, I like it. We spend a lot of money ensuring the highest levels of security and we implement the most cutting edge tech possible (ie multiple levels of encryption, top of the line cards, readers, and key management policies) As a user of the rec center I like not using my card because I dont have to carry it around or worry about lossing it while in the pool or on the treadmill. The company may have some questionable practices around data management but that is not a problem with the technology. I would ask them a lot of questions about how they manage data and hoe access is provisioned to users.
We got those a couple of years ago, they were always broken. They gave up and went back to cards at both of the gyms I frequent…
I go to 24-Hour Fitness and am signed up for the scanners. It’s totally convenient, especially when there’s a line of people who haven’t signed up waiting to use their cards. I had my fingerprints taken during the kidnapping freakout wave of the ’80s, so what’s one more?
There was an episode of Mythbusters where they showed that fingerprint readers could be fooled if you could get a fingerprint on a glass from someone who was authorized.
They’re definitely not infallible, ask anyone (like myself) who works with the scanners. I notice it from having to test them daily for use, there are natural fluctuations in the quality and readability of your prints. Especially people who work with their hands like brick layers and painters.
Express Tan does this. It’s very convenient.
Disney does this–not a problem.
they’re going to make it so hard to use the non fingerprint way that everyone caves
I think this program sucks and is a privacy violation. Whatever program they used to scan the fingerprint and turn it into a number can be reversed. If their database gets hacked, how do I change my PIN? Oh, I have 9 others? What about the one that’s been lost to the wild?
How do I know their system does what they claim or think it does and that it’s not doing something else?
No no no, the simple solution is the best – keep a list of your customers, and have the person just show you a state ID or DL with a pic on it and look it up…
I will NEVER give anyone a fingerprint, hand print, palm scan, retinal scan, or iris photo – biometrics are mine. Not theirs. Just say no. Even better – work out at home and screw the gym…
I’m usually all for privacy, but I’ve been fingerprinted so many times what problem is one more. If someone really wanted your prints it probably wouldn’t be hard to get them either.
No. You are wrong. A one way hash can not be reversed. That is why they work so well.
Wrong – Collisions are found, or flaws in the hashing algorithm are discovered. That’s why we moved from MD5 to SHA1, and from SHA1 to now SHA256…
It *MAY* be secure for a brief period of time, but how long is that? Fact is, if I don’t use this technology then I don’t have to worry about any possibilities of collisions, flaws, or things that the NSA may know that the rest of us don’t.
I’ve worked with biometrics for over a decade. You’re delusional, except for that workout at home part.
So have I, that’s why I refuse to use the systems that implement biometric access. Remember the asian researcher who used some gummy to duplicate someone’s fingerprint? Once you start using biometrics to authenticate, then the person who allegedly authenticated through a system is in the unholy position of proving that they weren’t actually there and that someone reproduced their biometrics somehow.
Don’t use the system, and this is one less worry to have.
Another concern is that as the use of the systems expands, risk increases to the user. If someone knows that you work for company X, and they use a fingerprint system and that you frequent the gym, then they simply get your fingerprint from something you touch at the gym, and use it to obtain the access they need at the company.
read here:
www (dot) schneier (dot) com (slash) essay-019 (dot) html
My gym at my alma mater had this, it made it quick and easy to get in and out. I understand ppl didn’t like this, but that’s their choice, they had 15 gyms in our area that didn’t.
My gym at my alma mater had this, it made it quick and easy to get in and out. I understand ppl didn’t like this, but that’s their choice, they had 15 gyms in our area that didn’t.
We have fobs on a chain or key holder and when we wave it a photo of our face pops up. If it doesn’t match, an alarm goes off. Or if two people try to come thru on same swipe. Costs are kept low when people don’t cheat.
Can they just use RSA one-time keys for this? What is the point of doing something unnecessary like using fingerprints to generate a one time key?
I’m a member at 24 Hour Fitness, have been for 2 years, and I am stubbornly continuing to use my photo ID.
The issue isn’t entirely what 24 Hour Fitness is doing with the fingerprints, it’s what others can do with them when they steal 24 Hour Fitness’ member database. So they store a number, eh? Like an MD5 hash or so? Easy to rebuild the image from the number.
I’m still not sure what the problem would be. Would they then fake fingerprints at crime scenes?
I used to go to a 24 hour gym, and one of the most annoying things in the world was the gaggle of frat boys rolling in at 10 pm when only one of them had a membership. I think a tighter control over who has access at all hours of the night isn’t a bad thing at all, and I’m sure the later-hours members would agree. Nothing sucks worse than trying to work out when there are others milling about that have no business being there. They’re disrespectful to the equipment and obnoxious.
They did this at my school gym. It makes it harder for people to sneak their friends in for free. I liked it.
My concern is not privacy at all. It is touching my hands where someone else does. What if I scan mine after the guy who just took a dump and the tp was one ply? I will not touch a door knob with my bare hands, so if I need to touch something, I would be freaking out.
Big deal… this isn’t news. I was a member of a 24 hour gym 5 years ago that used fingerprint ID scanners to get in.
My gym just uses the same key as my front door.
Same door, too.
As a computer system engineer I have to point out that there’s no way to key the id to the fingerprint without storing enough individually identifying characteristics of the fingerprint to uniquely identify the key. Sorry, 24-hour fitness, but that’s just not possible.
Fitworks in Cleveland is already doing this – it’s really convenient.
I work for 24 Hour Fitness and our club is slated to have the fingerprint scanners installed later this year. After working in the fitness industry for nearly six years as a front desk attendant I can tell you that this is actually a great thing. Not only will the new system cut down on the amount of cards our members have to carry it will also cut down on fraud. I have seen the things that people do to try to trick the front desk employees including using fake IDs. It will also cut down on how often the front desk employees get sick during cold and flu season from being passed cards all day long. I worked at another fitness chain years ago and even with hand sanitizer I was sick three times a year because of people handing me their dirty keys all day long.
Just a quick update on this one: I was given a deadline to go to the fingerprint system. this week. I asked if it was optional, and told yes. But, if it’s busy, you’ll have to wait until everyone else goes in. So, essentially, I have the OPTION to become a second class citizen at my own gym (paying full price) for not wanting to scan my prints (which the government have on file for an actual good reason). I’m just going to say no.
ps. don’t the counter people see that this is essentially just a way of eliminating their jobs???
24 Hour Fitness has been increasingly trying to get me to sign up to their fingerprint system. Today I was refused entrance because my Govt issued picture ID was a photocopy and not the original. I have been a member for a number of years and a photo copy of my ID has always been accepted. There were no signs informing me of this policy change, nothing in the mail, and when I came in on Monday and Tuesday, no staff member informed me of any upcoming change. An organization like this can not be trusted with fingerprint data, they are unscrupulous and dishonest.