Monday, September 23, 2013
Biometric Blunder
People have always wondered why we don't use finger prints for computer security -- after all, it is the ultimate form of proof on crime scenes. The basic answer is that there is no good way to completely secure your fingerprint data and prove its you. As proof of that, just one day after Apple released their own form of fingerprint login, known as touch ID, people were able to bypass the system. The real answer however does not come from how secure it is, but how dangerous it is. When suspicion arises that your email account has been compromised, the first thing to do is change your password. This is not such an easy task when all you have is ten passwords. Passwords can be guessed, can be written down, and can be completely insecure, but once a password is compromised, it can be changed. Fingerprints might have the potential to be completely secure, but once compromised, can never be altered. Were back to insecure practices, every password to every account is the same; say goodbye to your identity.
Subscribe to:
Post Comments (Atom)
The immutability of fingerprints is a great point. A while back it was proposed that smart phones could authenticte their owners by using facial recognition through their HD cameras. This idea crashed with the discovery that a person could trick the phone into unlocking by holding up a picture of the owner's face.
ReplyDeleteBiometric security could be a great use case for the first half of two-factor authentication. Then you don't need a password to get the authentication code sent to your phone, and if someone else compromises your fingerprint they still don't have access to your phone.
ReplyDeleteThe most damning argument against biometrics is immutability. How do I reset my thumbprint if someone makes a silicone mold of it? Even worse, it forces "lead-pipe cryptography" to resort to dismemberment. The implications are quite disturbing.
ReplyDelete