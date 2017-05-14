Slashdot Asks: Should Businesses Switch To Biometric Passwords? (hbr.org) 117
This question was inspired by a recent article in Harvard Business Review: It's become abundantly clear that passwords are an untenable way to secure our data online. And asking your customers to keep track of complicated log-in information is a terrible user experience... The threat to security when relying on passwords is one reason businesses are increasingly migrating to biometric systems. Identity verification through biometrics can ensure greater security for personal information, while also providing customers with a more seamless experience in the digital environment of smartphones, tablets, sensors, and other devices... the idea is to verify someone's identity with a high degree of assurance by tying it to multiple mechanisms at once, known as biometric modalities [which] when used in concert, can provide a significantly safer environment for the customer, and are much easier to use... [I]f an app simultaneously requires a thumbprint, a retina scan, and a vocal recognition signature, it would be close to impossible for a bad actor to replicate that in the seconds needed to open the app.
This got me curious -- are Slashdot's readers already seeing biometric verification systems in their own lives? Share your experiences in the comments, as well as your informed opinion. Do you think businesses should be switching to biometric passwords?
I'm not sure I like the idea...
I can see a whole lot of privacy and "Big Brother" problems with biometric authentication...
Re:I'm not sure I like the idea...
However most of security problems are not from targeted attack but from broad sweeping ones. Back in the 1980 an insecure server was a server that didn't need a password to login. And for the most part they were safe because they didn't have information that people wanted or were such a small group they were not targeted for anything as to connect to the server they needed to know the telephone number and at $0.10 per call it was expensive to war dial. Once computers started to be connected to the internet at a significant level then they really needed authentication because it got easier and cheaper to just try a bunch of IP addresses. Biometric may not be good for access to a secure location or a high targeted attack. But for the bulk of the systems who are more or less just fallout from a wide attack can be much safer.
The real problem with biometric is the relative difficulty to program. We still have newly developed apps that store the passwords in clear text. Expecting developers to widely use a biometric alorithms which is much harder to code then a
SELECT uid FROM users WHERE loginname=@login and password=@password
Most institutions will not pay for skilled developers so they have kids out of college or an offshore developer with just rudimentary stills who may have energy and ambition but lack the experience to think of problems in term of full lifecycle needs. Forcing most programs to use the same biometric API and treating the data in the most haphazard way possible.
Biometrics are NOT passwords
Biometrics aren't passwords, they are user IDs.
Treating them as passwords is a popular idea but will inevitably lead to disaster. Who would choose a password they could never change and then give that same password to countless other parties? Even if we did that, what would be the equivalent to good practices like storing password hashes instead of the originals in case of compromise?
Biometrics aren't passwords, they are user IDs.
They're neither. http://divegeekstuff.blogspot.... [blogspot.com]
It will be much worse then that, since you cannot create a reliable hash from biometric data (since the biometric changes slightly from time to time) every off-line attack against a leaked database will be an instant reveal of all "passwords" since all of them will be your password=@password scheme.
Irrelevant, because biometrics aren't secret to begin with.
Re:I'm not sure I like the idea...
Re: I'm not sure I like the idea...
More generally, if the information gets stolen, you can never change it.
This is true, but irrelevant. Replaceability is unnecessary for biometric security. Your biometrics wouldn't be any more (or less) secure if you could replace them.
That's why people should adopt the philosophies of "biometrics = who you are (username)"
This is also wrong. Biometrics are terrible identifiers. They have no uniqueness guarantees and cannot be matched exactly, which makes them prone to Birthday Paradox problems.
Here's my screed on fingerprint / biometric security [blogspot.com], which I'm going to post on every
/. article where these incorrect ideas come up. Maybe it will help.
Claim:Fingerp
Good identifiers should have uniqueness guarantees, biometrics don't. Good identifiers should always either match or not match, biometric matching is fuzzy, every match is a judgement call.
You make good points, here and throughout your post. However, I don't think the above undermines the biometrics-as-IDs analogy to the extent that you're arguing here. A great many online systems today use an email address as an ID, yet email addresses can suffer from exactly the same problems. We use a person's name and mailing address to send them post, but again the same problems can arise. In practice, not many IDs that we use are good identifiers by your definition -- and again, I'm not disputing that d
His arguments against using biometrics as identifiers were the birthday paradox and fuzzy matching, which absolutely don't apply at all to email addresses. Aside from very deliberate email account sharing between family members, no two people have any chance at all of having the same email address. Secondly, matching an email address is not fuzzy at all.
Excellent post!
permanent password for a temporary feeling
Your biometric password can't be changed. Just because we don't know how to hack them now doesn't mean it won't be trivial in the future. finger print readers are wafer thin right now, whose to say a wafer thin electrode array can't drive one of these with some one eleses fingerprint. As for getting that finger print well, you will have it from any one of the biometric devices that the person gave it to.
It's just a passing phase in password land where biometric passwords are convenient but no ubiquitous
Frost betterave tosp!
No.
TL;DR : not revokable, risk shifting
First time poster, long time reader.
Biometric elements regarding authentication fail regarding two major issues.
First issue, they can't be revoked. There won't ever be a "change your retina" or "forgot my bird to flip" form. Forget being forgotten, forget witness protection etc.
Second major issue : risk shifting.
If my credentials have value, then it stands to reason I can be assaulted to get them. To protect itself, my employer asks me at least two factors and I am OK with what I know and what I have. Both
No
Biometrics suck
Biometrics are subject to replay attacks and, once compromised, can never be changed.
No! Of course not!
Biometry is not suitable for authentication. Essentially using biometry is like using a password you cannot change, but constantly tell anybody around you.
It's trivial to keep your passwords secure, it's much harder to keep your fingerprint or iris pattern secure. Both can even be read out remotely.
BTW, here's a nice overview video on the topic:
https://media.ccc.de/v/31c3_-_... [media.ccc.de]
Well there are 2 big differences here:
1. You can change passwords, so even if it gets extracted from your brain (or more likely intercepted from your keyboard), you can simply choose another one.
2. You can voluntarily give up a password without any collateral damage. For example when you get threatened you can just give out the password instead of loosing your finger.
I'm sorry, but Biometry should have been dead when that McGuyver episode came out where he used a latent hand print on a hand print scanner.
1. You can change passwords, so even if it gets extracted from your brain (...)
If one can extract a password from your brain, he might surely get the new one... or even catch your intention to change it!
So in this extreme case, the password would be not safer than biometry, whereas in all other cases it's considerably better.
Of course there are also seriously better alternatives to passwords, for example public key authentication schemes. So in any event, biometry looses.
Why are you even still memorizing passwords? Mine are all random 13-letter strings that I store in a key safe.
Why are you even still memorizing passwords? Mine are all random 13-letter strings that I store in a key safe.
Businesses don't care enough about security to make their employees take two minutes to log into their workstations in the morning. Anything more than seven seconds is likely to be dismissed by the decision makers.
Convenience pushes our 'lazy' buttons, and security is not seen as being worth the cost. Unless that changes, there won't be much change in overall security.
I'm sorry, but Biometry should have been dead when that McGuyver episode came out where he used a latent hand print on a hand print scanner.
That MacGyver guy was certainly ahead of his time!
Actually not, there was an even older James Bond movie where he foiled fingerprint authentification via a faked fingerprint.
Well yes, they were late into the game. AFAIK that method has first been demonstrated in 2004 by Starbug from the CCC:
http://chaosradio.ccc.de/ctv00... [chaosradio.ccc.de]
http://chaosradio.ccc.de/media... [chaosradio.ccc.de]
Yup, there have been cases recently where people have used photographs to get a person's fingerprints. Amazing but true.
Getting rid of passwords is a good idea, though. It's just that replacing them with biometrics is a change for the worse. A change for the better is to use public key cryptography: instead of your keychain containing passwords that you have to remember and that are sent to the far end, you have public keys, possibly more than one, for every service you need to contact, and you use yo
Biometry is not suitable for authentication. Essentially using biometry is like using a password you cannot change, but constantly tell anybody around you.
Wrong. http://divegeekstuff.blogspot.... [blogspot.com]
Ahh right, the "the sensor is secure" fallacy. Essentially the whole claim of this rant, carefully hidden behind lots of ramblings is, that somehow magically a sensor can get a full picture of what's in front of it, so it can somehow magically differentiate a fake finger from a real one.
Tell you what, even the most expensive systems are trivial to fake. Yes you can measure the pulse of a finger, but a simple silicone "mask" for your finger will give the same signal. Yes you can use a depth sensing camera, b
I don't think it is reliable enough
Too much room for false positives/negatives. I mean look at your phone: You can put a fingerprint on it but it'll require a backup PIN in case that doesn't work. You don't gain any security if there has to be a backup password, it is just a convenience thing.
The right answer is a smart card (or other device with that chip in it like Yubikey). Here you go to token+PIN. It's two factor, thus much harder for an adversary to get around, and it allows for a much shorter, easier to remember password. Reason is th
Tell me how to securely hash a dick.
Mind you, you don't store the dick. You store a cryptographically secure hash, with salt.
Biometric should only check WHO you are
Biometric is a ONLY username, not a password.
Wrong. http://divegeekstuff.blogspot.... [blogspot.com]
Won't work seamlessly for everyone
Except that real users don't follow those rules anyway. If they did, they'd have to break
* rule number 5 -- keep your passwords in your head, not written down where they can be stolen.
first...
1. Don't enforce needlessly strict / complicated security policies for websites that don't matter that much.
2. Don't make me reset my password when I've merely forgotten it - it just puts me into a never-ending loop of creating harder and harder to remember passwords that need to be constantly reset.
3. Provide easy to use 2 factor authentication that lets me use simpler passwords, or even delay the "authentication" to be when I pay for something and validate my billing
Don't make me reset my password when I've merely forgotten it
If a site doesn't make you reset, never go back. It means they have your password in plaintext, and that they'll send it to you in plaintext.
Biometrics are passwords you can't change
For remote use, there is not a lot of difference between biometrics and passwords, except that:
-- you can't change the biometrics if they are compromised
-- there is little scope for using different credentials for different sites
Can't see any advantages to them, and I really don't want to be authenticating to my bank with the same credentials I use for Slashdot.
Identification, not authentication
Let's take a look at the characteristics of a username:
And let's take a look at the characteristics of a password:
Now, let's take a look at what a fingerprint or other biometric property is:
Conclusion: biometric properies are more like usernames, not like passwords. So, use them for identification, not authentication. Any biometric system supplier telling you otherwise is just telling marketing nonsense.
[1]: http://www.tomsguide.com/us/ph... [tomsguide.com]
It's almost as if you didn't read the comment you replied to. Or your tone is just off.
Conclusion: biometric properies are more like usernames, not like passwords. So, use them for identification, not authentication.
Wrong. Biometrics are lousy usernames (and lousy passwords). They're good authenticators in many situations, but the model is entirely different. http://divegeekstuff.blogspot.... [blogspot.com]
Re: Identification, not authentication (Score:2)
Not likely, no
The problem with most biometric systems is that we literally leave our password behind on everything we touch.
Biometrics as a sort of user ID, on the other hand...
2FA
Why solve a problem already solved? Just use 2FA. Problem SOLVED.
rather hardware
Biometrics suck
Easy to steal, not protected by any laws, cannot be changed should they be compromised. Worst system imaginable.
Biometric data needs to be decryptable thus can be
Very bad idea
So, how do you change your fingerprints...
... when someone steals them?
Authentication without identification
In most cases there's no good reason to prove your identity. What you need to prove is your right to do whatever it is you're doing. I don't want to give an online store the information that would let them buy things with my credit card, or which could be stolen and misused by others. The information I give to buy something from Amazon should not be sufficient to buy something from Apple.
No - of course not
By all means, have a biometric username, but never have a biometric password. It's a basic rule for anyone that actually understands how to implement auth in the real world.
Easy to change a real password, impossible to change a biometric password..
has it though
"It's become abundantly clear that passwords are an untenable way to secure our data online."
Can you please provide some evidence for this "abundantly clear" claim?
Anybody ever hear of the crossover rate?
Any discussion of biometrics without discussing the crossover rate (or Equal Error Rate) is woefully incomplete. see this explanation: https://security.stackexchange.com/questions/57589/determining-the-accuracy-of-a-biometric-system
The crossover rate is that point in the sensitivity settings of the system that yield minimum errors, where the False Acceptance Rate = the False Rejection Rate. In layman's terms, you're letting in unauthorized bad guys at the same rate you're keeping authorized good guys out. Any biometric system that doesn't list their crossover rate is pure snakeoil. Run away.
Another data point few consider. A Large Theme Park used biometrics a few years back for their annual ticket holders. It soon became known as the "identical twins two-for-one sale". Can your biometrics discern identical twins? Few can.
No...
Too easy to forge wholesale
Most biometric scanners have poor resolution and are easily defeated with very modest resources. MythBusters did a very good episode about the ease of replicating fingerprints, and found recent scanners that could be defeated by copying a fingerprint on a laser printer and simply moistening the printout. There was also an infamous paper, available at https://cryptome.org/gummy.htm [cryptome.org], describing more sophisticated approaches with the image transferred to gelatiin. That has never been refuted since its original
RSA Security Device/CHIP
Nope
Biometric authentication is like a password that can never be reset, can be stolen off your body, and in some cases, that you accidentally leave copies of all over the place (fingerprints). They're fine as a second factor but the hard, cold, fad-deflating truth is that nothing beats the security of the good ol' password. A strong password can be hard to crack and is the hardest form of credentials to steal (requires torture or an fMRI machine). People are often careless with passwords but biometrics are no
Ridiculous.
Yeah... just waiting for the next headline from "Slashdot Asks"
Slashdot Asks: Should I Saw Off An Employee's Legs To Keep Him From Leaving The Company
Brilliant idea
I use
Every so often it requires me to use my regular login credentials.
It works very well indeed.
And yes, if someone cut off my finger or thumb, and it was one of the ones registered in the phone, or if someone caught my fingerprints some where, and went on a MythBusters type effort, where they lifted the print, and went through gyrations to duplicate it. Yup, they could break into my phone.
y tho?
That's a metric fuckton of tro
Fun thought
I don't even give my company access to medical history, what makes you think I would give them biometric data ?
With unique personally identifiable information now traversing the corporate networks, are they going to be forced to implement HIPAA standards to protect it ?
I doubt most companies will want to go that route due to cost, upkeep and penalties should that data get compromised.