Biometrics

So, how long before biometrics really take off?

How long before we all have a thumb scanner attached to our PC, and this takes the place of the HUGE list of passwords we all now carry around in our brains?

I've always had secure passwords, because I more than 2 braincells. But more and more sites are enforcing secure passwords. And each site has a different rule that must be followed. More sites are requiring regularly changed passwords (which is always a good idea). At work, I have to change my passwords every month, and you can't re-use the same password. Even the most mundane of sites now require ultra secure passwords. I'm sorry, but I don't particularly care if someone can log on to my traffic.com account and check the traffic in my area under my user name, so I don't want to have to use a 15 character password containing uppercase, lowercase, numbers, symbols, heiroglyphics and arcane symbols of the dark magic persuasion.

My fear is that this undoubtedly good practice may lead to a drop in security. Afterall, we're only human. I now have soooo many passwords to remember, each with their own idiosyncratic rule set, that I fear I may have to resort to that most point defying practice of keeping them written down next to my PC. I will hate myself if I ever have to start doing this.

So. The logical answer is biometrics. Thumb scans, retina scans, etc...

Of course this carries it's own unique brand of problems. Not least that once you hack one system, you have the passcode for all systems, assuming you have either the physical ability to recreate a thumb print, or the computer knowhow to hack the system directly after the scanner and recreate the encoding.

All I know is that short of assigning everyone a 128 bit passkey at birth, we need to start looking at a security measure that's less prone to human fallibility.

one thing with Biometrics its not like you can forget them, and have to remember your secret answer to get it back

i think it would be awhile before it hits the mainstream, and is another part of life

Thumb scanners are certainly cheap enough now. But there are inherent problems with thumbscans - like the rather macabre thought that they don't change after the thumb is removed from the hand....

This is why thumb printing was quickly rejected by the banking industry when they were looking into biometrics.

Retina scans are more secure, but I'm guessing the equipment is still very expensive. Certainly too expensive to hit mainstream.

Theres a recruitment site called jobsite, i use alot... on it now you have your user name, your password.. and now a sercruity number? which they send you and they change every so often.. so its like a double password sercruity.. its a bit annoying if you forget the code, or it changes.. you got to apply for it again, and it normally take a few hours..
BIO scanning equipment is a great idea for passwords on your computer to websites.

Would it be as good for your ATM card?

Biometric authentication makes me uneasy.

For starters... people get injured. People lose fingers and eyes. If your PC authentication is purely based on your thumbprint, what happens when you have an accident at work and you lose your thumb?

Also.. theft. You can kidnap someone and try to coax or torture the corporate administrator password out of them. Or you can just knock them unconscious and use their thumb without doing all that messy coercion stuff.

And what happens when it gets stolen? The ability to replicate a thumbprint or retinal scan can't be that far off. What happens when someone bugs a door handle and copies all of your fingerprints? You're SOL.

Kind off but didn't Myth Busters to a show on security and bust thumbscans?

And do we all really want to be caltalogued?

This is called 2-factor authentication. Most highly secure financial institutions use it. They give out, or lease, small devices that display a 6-digit number that changes every minute. They must use the current number on this device as well as a password to log in.

The employee has "something you know" such as a password and "something you have" such as the number display key.

"Something you have" can also be a fingerprint or retinal scan for biometric authentication. 2-factor authentication is inherently far more secure than single-factor authentication.

If it was something like retina scans, which are more or less impossible to duplicate, and which change when the eye is removed from the head, then yes, I think they would be pretty good.

More secure than PINs anyway.

The argument "but someone could force you to scan your eye" is irrelevant when talking about relative security, since if they could make you do this, they could make you enter your PIN.

And it removes the ability to watch over someone's shoulder while they enter their PIN. No information can be intercepted externally when someone scans their retina.

Of course, we enter a whole realm of ethical issues. Do you really want your bank to have your iris scan on record? Especially if it's used for other important factors? How long before the local gym insists on iris recognition for entry? Hell, a lot of them use your social security number already, and that's none of their damn business and completely unnecessary.

Yea, i seen that on mythbusters, if i remember right, they got challenged to open a fingerprint scanner, and they did it using a piece of paper with the guys fingerprint on

Man i thought i was paranoid.. guess im not alone..

But your right.. Ever watched the movies where people eye are taken out to open doors, or a hand chopped off is used.. theres alot of sick people out there, and i believe if there is a will...
At this moment in the UK chip and pin is being used.. and I have heard its causing alot more problems then its worth..

I always say if a system is man made.. man can crack the system..

I think the "logical answer" to the multiple-password problem is not biometrics.

It's a unified authentication service.

Instead of GMail, Microsoft, TFS, Facebook, etc, all requiring their own login systems, you could have LoginCentral. You'd sign up for an anonymous account at LoginCentral. Then you head over to GMail and sign up for a GMail account using your LoginCentral credentials. Then you sign up for a Facebook account using your LoginCentral credentials. Etc etc.

There are some obvious problems with this system, but, if done right, it could easily fix the multiple-login problem.

i have never understood how chip & pin is so secure?

remembering a 4 digit pin is hell of alot easier than trying to duplicate someones signature

Those are significantly different things.

Forcing someone to actually perform an act such as turning over critical information is inherently different, and more difficult than, forcing someone to perform a physical act such as scanning an eye.

One of these requires the cooperation of the victim - the other doesn't. While effective interrogators or torturers might usually make the former possible, the latter is perfectly doable by any layman with a baseball bat.

There's already been a reported case of someone losing a thumb to carjackers.

This is my primary concern. I don't want my retina on file all over the wrold. I dont' want to be so readily identifiable...anymore so than I already am anyway.

Because it's something you have and something you know.

Credit card signatures have never been used as authentication devices. You can steal a credit card and, in 10 minutes, have a reasonable approximation of the signature down pat for making purchases just by looking at the back of the card. The purchase is not authorized or denied based on the signature anyway, unless the clerk sees that it's wildly different and says "hey, wait."

With chip and pin, you literally cannot make the purchase unless you both have the card and know the secret pin number.