24 Hour Fitness Rolling Out Fingerprint-Based ID Entry System

Gym chain 24 Hour Fitness is getting some attention for a new program that uses members’ fingerprints to replace the gym’s existing photo ID system.

A rep for 24 Hour Fitness says that even though the system scans members’ fingerprints, they have no plans to keep the prints on file. He says that members will select a PIN, then have their fingerprints scanned. This will generate a second code number.

“What we actually store is the number that is generated by the scan,” explains the rep. “We’re not actually keeping an image of your fingerprint. We’re storing a number.”

The rep says that the program is optional, so for those who balk at the idea of having their prints scanned at all, they will still be allowed to use their photo ID. He claims that test markets for the fingerprint program have seen “97 percent of our members had decided to opt in to the new system as their preferred check in… Overwhelmingly, it’s been positive.”

What do you think of this system? Is gym fraud that rampant that it requires fingerprint scanning? Or maybe they just don’t want Bayan Rabbani spending another 24 hours in one of their gyms

24 Hour Fitness implements new fingerprint program [Santa Cruz Sentinel]

Thanks to David for the tip!

Comments

Edit Your Comment

  1. qwickone says:

    I’m guessing people don’t want to carry their membership card in so they would rather scan their fingerprint?

    • DariusC says:

      Kinda hard to lose a finger…

    • evnmorlo says:

      They probably don’t want people to share a membership

    • ekincam says:

      The 24 hour fitness locations here require that patrons have a photo ID on them in addition to the membership card. They refuse to scan the membership card until one presents gov issued photo ID of some sort.

    • spamtasticus says:

      This is rich. If you thought it was bad when a company’s servers get cracked and someone steals millions of credit card numbers, wait until they steal the “Digital representation of your finger”. The card numbers can be revoked where as your fingerprint’s “code” can never, ever, ever, never, ever be revoked.

      Woops.

  2. Hi_Hello says:

    it would be nice to carry less cards in my wallet.

  3. nova3930 says:

    My gym has fingerprint scanners and its awfully convenient.

  4. chancyrendezvous says:

    My gym has the mini keychain membership cards. Most folks take their keys to the gym so it seems to work out pretty well.

  5. UnicornMaster says:

    +1 for convenience
    -1 for privacy

    • Talisker says:

      Because a numeric hash derived from your fingerprint scan is somehow less private than giving the gym your driver’s license and credit card number when you sign up? Or your checking account and routing number?

      • LandruBek says:

        Yes:

        • Checking acct. data: they sure as hell don’t get that.
        • CC#: there are legal mechanisms that limit my liability and prevent fraud.
        • DL#: haven’t been asked to give that up, not sure if I would.

        But there’s not much anyone can do to help protect you from a gummy bear attack.

    • Framling says:

      Not really. They basically hash your fingerprint, it never gets stored.

    • sonneillon says:

      That equals zero so you break even. No harm no foul.

  6. lehrdude says:

    Personally, I’d prefer a retinal scan…But I don’t belong to a gym, so I guess fingerprints are cool too…

  7. BrianneG says:

    I’m constantly dropping my ID card while I’m at the gym so I don’t mind having one less thiing to lose.

  8. FizzBot says:

    I have gone to a 24-hr gym with a fingerprint system for two years. Maybe once every two months, the system has a hiccup and I can’t get in, but it’s also comforting that my moochy family members can’t try to steal my pass like they did at the Y.

  9. evnmorlo says:

    “97 percent of our members had decided to opt in”

    Sounds like those referendums Saddam or Hitler held

  10. E. Zachary Knight says:

    Upon reading this article, the following Daily WTF story came to mind:

    http://thedailywtf.com/Articles/Cracking-your-Fingers.aspx

  11. aggrazel says:

    Sounds like something I read on The Daily WTF : http://thedailywtf.com/Articles/Cracking-your-Fingers.aspx

  12. wbeem says:

    It sounds like the rep is telling the truth. Biometric scanners use minutae – the points where your fingerprints join or diverge – to develop a map that identifies you. That result gets compared against your actual fingerprint when you scan it.

    Maybe these technologies wouldn’t inspire such fear if people were better educated. Then again, the government lies about photographs from those TSA scanners, so how do you trust anyone?

  13. ThunderRoad says:

    I’d rather just have an electronic key fob on my key ring.

  14. aloria says:

    I’ve been to places that have hand or fingerprint scanners instead of ID scanners. They’re terrible. With the amount of people coming in, the things need to be wiped down constantly or they get so gunked up with oil and grime that they can’t read the print properly.

  15. gafpromise says:

    Right, because those Pay-By-Touch systems you used to see in grocery stores were a really big hit and they were sooo convenient and everyone uses them now – oh wait, they don’t? /sarcasm

    • scoobydoo says:

      Well, that scheme failed because the owner was a convicted drug dealer who ran the company into the ground. PaybyTouch was fantastic, and I really miss having it at the local grocery store.

  16. missdona says:

    My gym has a sign-in sheet… no weird privacy thing, no cards to carry around. The best of all worlds.

  17. Donathius says:

    It’s also faster if there are a bunch of people coming in. That way it’s just a quick press of the thumb scanner instead of handing your card to the person at the desk and waiting while they scan each one.

    That being said I work in IT and my thumbprint gets me into some pretty secure areas. I’d be uncomfortable using my thumb print for something like that. I’d try and use a different finger.

  18. Jacquilynne says:

    I would actually welcome this at my gym. The trouble is that my gym has two levels of membership and different locker rooms to go with them. So you need your membership tag not just to get into the building but also into the locker room. And that means you have to carry the tag with you to your workout, which is inconvenient. If I could swipe into the locker room with a fingerprint, that’d be good.

    Of course, I don’t know how well fingerprint scanners work of people who’ve been in a swimming pool for the last 2 hours.

  19. Emily says:

    It’s definitely optional. My gym put them in recently, and everyone is still opting to use the ID cards… I haven’t seen a single person use the fingerprint scanners. The staff (wisely) are saying nothing and pretending like the fingerprint scanners aren’t there.

  20. wmasson says:

    So I work for a university where we have a student ID card. Our rec center is going through the exact transition and they come to us because we use biometric access in some of our buildings. (places where security has to be high because of the sensitive nature of the materials) Our system does not store finger prints. Our system reads the minutiae (http://bit.ly/cbjHdL) and stores an algorithm from the finger print. Each individual is assigned a unique id number based on the minutiae. The reason our rec center wants to use bio for access is because our students often forget their id cards and they tend not to return to the gym a second time. Obviously the gym wants students to take advantage of the service. So, as an administrator of this type of system, I like it. We spend a lot of money ensuring the highest levels of security and we implement the most cutting edge tech possible (ie multiple levels of encryption, top of the line cards, readers, and key management policies) As a user of the rec center I like not using my card because I dont have to carry it around or worry about lossing it while in the pool or on the treadmill. The company may have some questionable practices around data management but that is not a problem with the technology. I would ask them a lot of questions about how they manage data and hoe access is provisioned to users.

  21. tangodiva says:

    We got those a couple of years ago, they were always broken. They gave up and went back to cards at both of the gyms I frequent…

  22. HeatherLynn30 says:

    I go to 24-Hour Fitness and am signed up for the scanners. It’s totally convenient, especially when there’s a line of people who haven’t signed up waiting to use their cards. I had my fingerprints taken during the kidnapping freakout wave of the ’80s, so what’s one more?

  23. oldwiz65 says:

    There was an episode of Mythbusters where they showed that fingerprint readers could be fooled if you could get a fingerprint on a glass from someone who was authorized.

    • CFinWV says:

      They’re definitely not infallible, ask anyone (like myself) who works with the scanners. I notice it from having to test them daily for use, there are natural fluctuations in the quality and readability of your prints. Especially people who work with their hands like brick layers and painters.

  24. Andrew360 says:

    Express Tan does this. It’s very convenient.

  25. trencherman says:

    Disney does this–not a problem.

  26. polyeaster says:

    they’re going to make it so hard to use the non fingerprint way that everyone caves

  27. dg says:

    I think this program sucks and is a privacy violation. Whatever program they used to scan the fingerprint and turn it into a number can be reversed. If their database gets hacked, how do I change my PIN? Oh, I have 9 others? What about the one that’s been lost to the wild?

    How do I know their system does what they claim or think it does and that it’s not doing something else?

    No no no, the simple solution is the best – keep a list of your customers, and have the person just show you a state ID or DL with a pic on it and look it up…

    I will NEVER give anyone a fingerprint, hand print, palm scan, retinal scan, or iris photo – biometrics are mine. Not theirs. Just say no. Even better – work out at home and screw the gym…

    • consumer420 says:

      I’m usually all for privacy, but I’ve been fingerprinted so many times what problem is one more. If someone really wanted your prints it probably wouldn’t be hard to get them either.

    • yankinwaoz says:

      No. You are wrong. A one way hash can not be reversed. That is why they work so well.

      • dg says:

        Wrong – Collisions are found, or flaws in the hashing algorithm are discovered. That’s why we moved from MD5 to SHA1, and from SHA1 to now SHA256…

        It *MAY* be secure for a brief period of time, but how long is that? Fact is, if I don’t use this technology then I don’t have to worry about any possibilities of collisions, flaws, or things that the NSA may know that the rest of us don’t.

    • cromartie says:

      I’ve worked with biometrics for over a decade. You’re delusional, except for that workout at home part.

      • dg says:

        So have I, that’s why I refuse to use the systems that implement biometric access. Remember the asian researcher who used some gummy to duplicate someone’s fingerprint? Once you start using biometrics to authenticate, then the person who allegedly authenticated through a system is in the unholy position of proving that they weren’t actually there and that someone reproduced their biometrics somehow.

        Don’t use the system, and this is one less worry to have.

        Another concern is that as the use of the systems expands, risk increases to the user. If someone knows that you work for company X, and they use a fingerprint system and that you frequent the gym, then they simply get your fingerprint from something you touch at the gym, and use it to obtain the access they need at the company.

    • dg says:

      read here:

      www (dot) schneier (dot) com (slash) essay-019 (dot) html

  28. homehome says:

    My gym at my alma mater had this, it made it quick and easy to get in and out. I understand ppl didn’t like this, but that’s their choice, they had 15 gyms in our area that didn’t.

  29. homehome says:

    My gym at my alma mater had this, it made it quick and easy to get in and out. I understand ppl didn’t like this, but that’s their choice, they had 15 gyms in our area that didn’t.

  30. JANSCHOLL says:

    We have fobs on a chain or key holder and when we wave it a photo of our face pops up. If it doesn’t match, an alarm goes off. Or if two people try to come thru on same swipe. Costs are kept low when people don’t cheat.

  31. Mecharine says:

    Can they just use RSA one-time keys for this? What is the point of doing something unnecessary like using fingerprints to generate a one time key?

  32. Dallas_shopper says:

    I’m a member at 24 Hour Fitness, have been for 2 years, and I am stubbornly continuing to use my photo ID.

  33. humphrmi says:

    The issue isn’t entirely what 24 Hour Fitness is doing with the fingerprints, it’s what others can do with them when they steal 24 Hour Fitness’ member database. So they store a number, eh? Like an MD5 hash or so? Easy to rebuild the image from the number.

    • asamtoy says:

      I’m still not sure what the problem would be. Would they then fake fingerprints at crime scenes?

  34. TabrisLee says:

    I used to go to a 24 hour gym, and one of the most annoying things in the world was the gaggle of frat boys rolling in at 10 pm when only one of them had a membership. I think a tighter control over who has access at all hours of the night isn’t a bad thing at all, and I’m sure the later-hours members would agree. Nothing sucks worse than trying to work out when there are others milling about that have no business being there. They’re disrespectful to the equipment and obnoxious.

  35. sodium says:

    They did this at my school gym. It makes it harder for people to sneak their friends in for free. I liked it.

  36. JMILLER says:

    My concern is not privacy at all. It is touching my hands where someone else does. What if I scan mine after the guy who just took a dump and the tp was one ply? I will not touch a door knob with my bare hands, so if I need to touch something, I would be freaking out.

  37. chefguru says:

    Big deal… this isn’t news. I was a member of a 24 hour gym 5 years ago that used fingerprint ID scanners to get in.

  38. Conformist138 says:

    My gym just uses the same key as my front door.
    Same door, too.

  39. moore850 says:

    As a computer system engineer I have to point out that there’s no way to key the id to the fingerprint without storing enough individually identifying characteristics of the fingerprint to uniquely identify the key. Sorry, 24-hour fitness, but that’s just not possible.

  40. asamtoy says:

    Fitworks in Cleveland is already doing this – it’s really convenient.

  41. The_Gypsy says:

    I work for 24 Hour Fitness and our club is slated to have the fingerprint scanners installed later this year. After working in the fitness industry for nearly six years as a front desk attendant I can tell you that this is actually a great thing. Not only will the new system cut down on the amount of cards our members have to carry it will also cut down on fraud. I have seen the things that people do to try to trick the front desk employees including using fake IDs. It will also cut down on how often the front desk employees get sick during cold and flu season from being passed cards all day long. I worked at another fitness chain years ago and even with hand sanitizer I was sick three times a year because of people handing me their dirty keys all day long.

  42. jettifer says:

    Just a quick update on this one: I was given a deadline to go to the fingerprint system. this week. I asked if it was optional, and told yes. But, if it’s busy, you’ll have to wait until everyone else goes in. So, essentially, I have the OPTION to become a second class citizen at my own gym (paying full price) for not wanting to scan my prints (which the government have on file for an actual good reason). I’m just going to say no.

    ps. don’t the counter people see that this is essentially just a way of eliminating their jobs???

  43. MadasHell says:

    24 Hour Fitness has been increasingly trying to get me to sign up to their fingerprint system. Today I was refused entrance because my Govt issued picture ID was a photocopy and not the original. I have been a member for a number of years and a photo copy of my ID has always been accepted. There were no signs informing me of this policy change, nothing in the mail, and when I came in on Monday and Tuesday, no staff member informed me of any upcoming change. An organization like this can not be trusted with fingerprint data, they are unscrupulous and dishonest.