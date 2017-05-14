

Slashdot Asks: Should Businesses Switch To Biometric Passwords? (hbr.org) 41

Posted by EditorDavid from the digital-fingerprints dept.
This question was inspired by a recent article in Harvard Business Review: It's become abundantly clear that passwords are an untenable way to secure our data online. And asking your customers to keep track of complicated log-in information is a terrible user experience... The threat to security when relying on passwords is one reason businesses are increasingly migrating to biometric systems. Identity verification through biometrics can ensure greater security for personal information, while also providing customers with a more seamless experience in the digital environment of smartphones, tablets, sensors, and other devices... the idea is to verify someone's identity with a high degree of assurance by tying it to multiple mechanisms at once, known as biometric modalities [which] when used in concert, can provide a significantly safer environment for the customer, and are much easier to use... [I]f an app simultaneously requires a thumbprint, a retina scan, and a vocal recognition signature, it would be close to impossible for a bad actor to replicate that in the seconds needed to open the app.
This got me curious -- are Slashdot's readers already seeing biometric verification systems in their own lives? Share your experiences in the comments, as well as your informed opinion. Do you think businesses should be switching to biometric passwords?


  • I can see a whole lot of privacy and "Big Brother" problems with biometric authentication...

    • TL;DR : not revokable, risk shifting (Score:1)

      by Anonymous Coward

      First time poster, long time reader.

      Biometric elements regarding authentication fail regarding two major issues.

      First issue, they can't be revoked. There won't ever be a "change your retina" or "forgot my bird to flip" form. Forget being forgotten, forget witness protection etc.

      Second major issue: risk shifting.
      If my credentials have value, then it stands to reason I can be assaulted to get them. To protect itself, my employer asks me for at least two factors and I am OK with what I know and what I have. Both

  • And you know that.

  • Biometrics suck (Score:1)

    by Anonymous Coward

    Biometrics are subject to replay attacks and, once compromised, can never be changed.

  • No! Of course not! (Score:3)

    by Casandro ( 751346 ) on Sunday May 14, 2017 @03:45AM (#54412975)

    Biometry is not suitable for authentication. Essentially using biometry is like using a password you cannot change, but constantly tell anybody around you.

    It's trivial to keep your passwords secure, it's much harder to keep your fingerprint or iris pattern secure. Both can even be read out remotely.

  • Too much room for false positives/negatives. I mean look at your phone: You can put a fingerprint on it but it'll require a backup PIN in case that doesn't work. You don't gain any security if there has to be a backup password, it is just a convenience thing.

    The right answer is a smart card (or other device with that chip in it like Yubikey). Here you go to token+PIN. It's two factor, thus much harder for an adversary to get around, and it allows for a much shorter, easier to remember password. Reason is th

  • Biometrics are ONLY a username, not a password. It does not matter how many combinations you think you can put together to eliminate bad actors; all those techniques do is verify who you are, and if each can be fooled singly, chances are that they can all be fooled when taken together. And once your system is compromised, what do you do?
  • As usual, this will bring a collection of new problems for some. Will work fine for some people but others will struggle. Fingerprints will not be much use for me; my prints were clear when I was younger, but they have faded. To the extent that at a border control earlier this year where fingerprint capture was mandatory, the immigration clerk had difficulty with my left hand and found it impossible with my right. He wrote a brief report which said that he could just see the patterns but could not capture
  • Let's have businesses do 4 things:

    1. Don't enforce needlessly strict / complicated security policies for websites that don't matter that much.
    2. Don't make me reset my password when I've merely forgotten it - it just puts me into a never-ending loop of creating harder and harder to remember passwords that need to be constantly reset.
    3. Provide easy to use 2 factor authentication that lets me use simpler passwords, or even delay the "authentication" to be when I pay for something and validate my billing

  • For remote use, there is not a lot of difference between biometrics and passwords, except that:

    -- you can't change the biometrics if they are compromised

    -- there is little scope for using different credentials for different sites

    Can't see any advantages to them, and I really don't want to be authenticating to my bank with the same credentials I use for Slashdot.

  • Let's take a look at the characteristics of a username:

    • They are not secret. Often, they consist of a person's name, email address or employee number.
    • Often, one and the same username is used for many systems.
    • Changing a username is unusual or even impossible.

    And let's take a look at the characteristics of a password:

    • They should be kept secret.
    • You are strongly advised to use a different password for every system.
    • Every system must allow you to change your password.

    Now, let's take a look at what a

    • Usernames can (and do) change. It's rare, but people sometimes legally change their names. What is more common is when female employees get married, their last name changes. You then have to change their email address, like Firstname_Lastname@company.com and many people use email addresses for usernames. Most systems I know have the ability to change a username, although the change isn't always smooth or fast.

  • The problem with most biometric systems is that we literally leave our password behind on everything we touch.

    Biometrics as a sort of user ID, on the other hand...

  • 2FA (Score:2)

    by darkain ( 749283 )

    Why solve a problem already solved? Just use 2FA. Problem SOLVED.

  • Maybe just a card you can scan rather than an actual body print. Just a physical card mailed to you so you can just scan it in.

  • Easy to steal, not protected by any laws, cannot be changed should they be compromised. Worst system imaginable.

  • Matching bio data isn't an exact 1:1 match. The mechanism is a proximity comparison. So the original data can't be protected by a one way encryption. Therefore it is way easier to steal that information for reuse. After all any biometric reader attached to a personal device can be simulated by an attacker and the stolen bio data fed in directly - so it is even easier than any of the current 2FA (the use case for readers in protected locations, think doors, is only slightly better). In summary having a uncha
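
The point in the comment above about proximity matching, as an added example that is not part of the original thread: a password verifier can store only a one-way hash because the match is exact, while a biometric verifier compares by distance, and hashing destroys that distance. The 256-bit templates, the 40-bit threshold and the 12 flipped bits are constructed values, not figures from any real sensor.

```python
import hashlib
import hmac
import random

TEMPLATE_BITS = 256
MATCH_THRESHOLD = 40  # assumed policy: accept if at most 40 of 256 bits differ

def hamming(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def noisy_reading(template: bytes, flipped_bits: int, rng: random.Random) -> bytes:
    """Simulate a fresh capture from the same person: a few bits differ."""
    out = bytearray(template)
    for pos in rng.sample(range(len(template) * 8), flipped_bits):
        out[pos // 8] ^= 1 << (pos % 8)
    return bytes(out)

def password_ok(stored_hash: bytes, salt: bytes, attempt: str) -> bool:
    """Exact-match secret: the verifier only needs a salted one-way hash."""
    candidate = hashlib.pbkdf2_hmac("sha256", attempt.encode(), salt, 100_000)
    return hmac.compare_digest(stored_hash, candidate)

def biometric_ok(stored: bytes, reading: bytes) -> bool:
    """Proximity match: only meaningful on the template itself."""
    return hamming(stored, reading) <= MATCH_THRESHOLD

def demo() -> dict:
    rng = random.Random(2017)  # fixed seed: constructed, reproducible data
    salt = bytes(rng.getrandbits(8) for _ in range(16))
    stored_pw = hashlib.pbkdf2_hmac("sha256", b"correct horse", salt, 100_000)
    enrolled = bytes(rng.getrandbits(8) for _ in range(TEMPLATE_BITS // 8))
    same_person = noisy_reading(enrolled, 12, rng)
    stranger = bytes(rng.getrandbits(8) for _ in range(TEMPLATE_BITS // 8))
    # Hash both readings: the avalanche effect turns 12 flipped bits into ~128.
    h_a, h_b = (hashlib.sha256(t).digest() for t in (enrolled, same_person))
    return {
        "password_match": password_ok(stored_pw, salt, "correct horse"),
        "template_distance": hamming(enrolled, same_person),
        "same_person_accepted": biometric_ok(enrolled, same_person),
        "stranger_accepted": biometric_ok(enrolled, stranger),
        "hash_distance": hamming(h_a, h_b),
        "hashed_compare_works": biometric_ok(h_a, h_b),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Because the hashed comparison rejects the genuine user, a verifier built this way has to keep the template in a comparable form, so a breach of that store exposes something the user cannot rotate.
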
  • Apart from the basic fact that you cannot change it when it is compromised, and it will be, there is also that real problem in that they are extremely unreliable. You sweat and the scanner has trouble reading your fingerprint or you get an eye infection and the machine cannot recognise your iris. When we installed fingerprint scanners on all the POSs we had to remove them soon after as staff had to jam the tills open all the time because they kept failing to open when they should. Biometrics are a securit
