Slashdot Asks: Should Businesses Switch To Biometric Passwords? (hbr.org) 204

This question was inspired by a recent article in Harvard Business Review: It's become abundantly clear that passwords are an untenable way to secure our data online. And asking your customers to keep track of complicated log-in information is a terrible user experience... The threat to security when relying on passwords is one reason businesses are increasingly migrating to biometric systems. Identity verification through biometrics can ensure greater security for personal information, while also providing customers with a more seamless experience in the digital environment of smartphones, tablets, sensors, and other devices... the idea is to verify someone's identity with a high degree of assurance by tying it to multiple mechanisms at once, known as biometric modalities [which] when used in concert, can provide a significantly safer environment for the customer, and are much easier to use... [I]f an app simultaneously requires a thumbprint, a retina scan, and a vocal recognition signature, it would be close to impossible for a bad actor to replicate that in the seconds needed to open the app.
This got me curious -- are Slashdot's readers already seeing biometric verification systems in their own lives? Share your experiences in the comments, as well as your informed opinion. Do you think businesses should be switching to biometric passwords?
  • I can see a whole lot of privacy and "Big Brother" problems with biometric authentication...

    • And it can be hacked and spoofed. This scene from a Bond film comes to mind: https://www.youtube.com/watch?... [youtube.com]
      • by jellomizer ( 103300 ) on Sunday May 14, 2017 @05:31AM (#54413169)

        However most security problems are not from targeted attacks but from broad sweeping ones. Back in the 1980s an insecure server was a server that didn't need a password to log in. And for the most part they were safe because they didn't have information that people wanted, or were such a small group they were not targeted for anything, as to connect to the server you needed to know the telephone number, and at $0.10 per call it was expensive to war dial. Once computers started to be connected to the internet at a significant level, then they really needed authentication, because it got easier and cheaper to just try a bunch of IP addresses. Biometrics may not be good for access to a secure location or a highly targeted attack. But for the bulk of the systems, which are more or less just fallout from a wide attack, they can be much safer.

        The real problem with biometrics is the relative difficulty to program. We still have newly developed apps that store passwords in clear text. Expecting developers to widely use biometric algorithms, which are much harder to code than a
        SELECT uid FROM users WHERE loginname=@login and password=@password
        Most institutions will not pay for skilled developers, so they have kids out of college or an offshore developer with just rudimentary skills who may have energy and ambition but lack the experience to think of problems in terms of full lifecycle needs. Forcing most programs to use the same biometric API and treating the data in the most haphazard way possible.

        • It will be much worse than that, since you cannot create a reliable hash from biometric data (since the biometric changes slightly from time to time) every off-line attack against a leaked database will be an instant reveal of all "passwords" since all of them will be your password=@password scheme.
          • by Anonymous Brave Guy ( 457657 ) on Sunday May 14, 2017 @09:18AM (#54413643)

            Biometrics aren't passwords, they are user IDs.

            Treating them as passwords is a popular idea but will inevitably lead to disaster. Who would choose a password they could never change and then give that same password to countless other parties? Even if we did that, what would be the equivalent to good practices like storing password hashes instead of the originals in case of compromise?

            • Biometrics aren't passwords, they are user IDs.

              They're neither. http://divegeekstuff.blogspot.... [blogspot.com]

              • (You posted that text, or something very like it, in another comment here on Slashdot, and I addressed your point in a reply there.)

              • " If you change your password before the attacker can guess your password, the attacker has to start over."

                Not necessarily. It is possible that the attacker would never guess your current password, and has not yet tried the new password, but does try it after you change it, thereby making it true that they only get in because you changed it.

              • I would argue that biometrics are a class in themselves. Essentially a checkbox. For authentication, you have your userID (the object that is asking for authentication.) You have the password (something you know.) You have a 2FA code (something you possess), and a fingerprint (something you are.) Sometimes, with geo-location, one can add somewhere you are.

                Does it increase security? It is a security factor. Is it worth it over something like Duo or a PIN on the HID card reader? Depends on what is bei

            • I think the key to using biometric authentication safely is to never push it to the cloud, and thus eliminate the temptation to use it as a single-factor authentication, not to mention minimize the risk of getting it stolen. Instead, it should only be used when there's a secure electronic enclave that can store it and use it for authentication on your behalf.

              In this way, your biometric data is just an authentication proxy on known-good systems. It doesn't leave your local devices, which means a random att

          • It will be much worse than that, since you cannot create a reliable hash from biometric data (since the biometric changes slightly from time to time) every off-line attack against a leaked database will be an instant reveal of all "passwords" since all of them will be your password=@password scheme.

            Irrelevant, because biometrics aren't secret to begin with.

            • by skids ( 119237 )

              Exactly. It's like having your users write their passwords on a post-it note, and stick it on their foreheads rather than their monitors.

              • Exactly. It's like having your users write their passwords on a post-it note, and stick it on their foreheads rather than their monitors.

                No, it's not. At all. Post-it notes on foreheads would be completely insecure. Biometric security can actually be quite good, even though the biometric data is public.

                http://divegeekstuff.blogspot.com/2017/04/fingerprint-security.html

            • I agree. Unfortunately it's not "irrelevant" however since people/companies are trying to push biometrics in this direction.
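The point made in the sub-thread above, that a biometric template cannot be protected with a salted hash the way a password can because matching is a distance check rather than an equality check, shown as an added example. This is editor's code, not from any commenter or from the HBR article. The 2048-bit bit-string template, the 30% match threshold, the 10% re-capture noise and the fixed salt are all constructed assumptions for the demo; real matchers use vendor-specific feature templates, but the comparison they make is still a threshold on a distance, which is exactly what a hash destroys.

```python
import hashlib
import hmac
import random

TEMPLATE_BITS = 2048     # toy template length (assumption)
MATCH_THRESHOLD = 0.30   # accept if at most 30% of bits differ (assumed operating point)


def make_template(seed):
    """Constructed stand-in for an enrolled biometric template: a fixed-length bit
    string from a seeded PRNG so the run is reproducible. Not real biometric data."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(TEMPLATE_BITS // 8))


def recapture(template, flip_fraction, seed):
    """Simulate a fresh capture of the same finger/iris: the same template with a
    fraction of its bits flipped by sensor noise, rotation, dryness and so on."""
    rng = random.Random(seed)
    bits = bytearray(template)
    n_bits = len(bits) * 8
    for pos in rng.sample(range(n_bits), int(n_bits * flip_fraction)):
        bits[pos // 8] ^= 1 << (pos % 8)
    return bytes(bits)


def hamming_fraction(a, b):
    """Fraction of differing bits between two equal-length templates."""
    if len(a) != len(b):
        raise ValueError("templates must be the same length")
    differing = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return differing / (len(a) * 8)


def template_match(enrolled, probe):
    """How a biometric matcher actually decides: a distance threshold, not equality.
    This only works if the matcher holds the raw enrolled template."""
    return hamming_fraction(enrolled, probe) <= MATCH_THRESHOLD


def derive(secret, salt):
    """Salted slow hash of the kind used for password storage (iterations kept low for the demo)."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 20_000)


def hashed_check(stored, salt, candidate):
    """Password-style check: exact match or nothing."""
    return hmac.compare_digest(stored, derive(candidate, salt))


def demo():
    salt = b"\x00" * 16   # fixed so the demo is reproducible; use os.urandom(16) in practice
    enrolled = make_template(seed=1)
    same_person = recapture(enrolled, flip_fraction=0.10, seed=2)   # 10% of bits differ
    other_person = make_template(seed=99)                          # unrelated template, ~50% differ
    stored_pw = derive(b"correct horse battery staple", salt)
    stored_template_hash = derive(enrolled, salt)                   # the naive "hash the biometric" idea
    return {
        "password_exact": hashed_check(stored_pw, salt, b"correct horse battery staple"),
        "password_one_char_off": hashed_check(stored_pw, salt, b"correct horse battery stapl"),
        "template_same_person": template_match(enrolled, same_person),
        "template_other_person": template_match(enrolled, other_person),
        # The hashed template rejects the legitimate user: a re-capture is never bit-identical.
        "hashed_template_same_person": hashed_check(stored_template_hash, salt, same_person),
        "distance_same_person": round(hamming_fraction(enrolled, same_person), 2),
        "distance_other_person": round(hamming_fraction(enrolled, other_person), 2),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:30s} {value}")
```

The consequence for a server-side design is the one the thread draws: whatever does the matching must hold the enrolled template in a form it can compute distances over, so a leaked matcher database leaks the templates themselves. The usual mitigation is to keep matching on the device (secure enclave or similar) and release a conventional key or signature only on success, so the server never sees biometric data at all.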
    • by Samantha Wright ( 1324923 ) on Sunday May 14, 2017 @03:51AM (#54412995) Homepage Journal
      More generally, if the information gets stolen, you can never change it. Locks, passwords, and challenge-response seeds can all be replaced. No other authentication method has this glaring weakness. The burden of manual authentication is here to stay, I think, until we get password manager brain implants.
      • by tysonedwards ( 969693 ) on Sunday May 14, 2017 @06:57AM (#54413313)
        That's why people should adopt the philosophies of "biometrics = who you are (username)", leaving "passwords = something you know", and allowing for "tokenization = something you have". If usernames and passwords are decoupled to the point where biometric authentication serves as a realtime handshake of the resulting hash by the destination server, even to the point where they are stored in different tables with the functional equivalent of public key vs private key components, then the compromise of a single system would effectively result in a rainbow table only that needs to be iterated for all users on the system.
        • by swillden ( 191260 ) <shawn-ds@willden.org> on Sunday May 14, 2017 @08:58AM (#54413581) Homepage Journal

          More generally, if the information gets stolen, you can never change it.

          This is true, but irrelevant. Replaceability is unnecessary for biometric security. Your biometrics wouldn't be any more (or less) secure if you could replace them.

          That's why people should adopt the philosophies of "biometrics = who you are (username)"

          This is also wrong. Biometrics are terrible identifiers. They have no uniqueness guarantees and cannot be matched exactly, which makes them prone to Birthday Paradox problems.

          Here's my screed on fingerprint / biometric security [blogspot.com], which I'm going to post on every /. article where these incorrect ideas come up. Maybe it will help.

          Claim:Fingerprint authentication is serious James Bond shizzle and it's totally secure.

          No. No, it's not. See below.

          Claim:Fingerprint authentication is insecure because you only have ten fingers, and when you've used them all you have no more new "passwords".

          This is wrong, because it assumes that fingerprints (or other biometrics) are just a slightly different sort of password. They're not. Biometric authenticators are nothing at all like passwords; the security model is completely different. To understand how and why, we first need to understand the password authentication security model.

          Why are passwords secure (when they are)? Passwords are secure when the attacker doesn't know them or can't guess them. That seems simple and obvious, but some subtleties arise when you think about how an attacker might acquire them. There are two primary ways: stealing copies somehow, and repeated guessing, also known as a "brute force search". These interact—in some cases the attacker can steal some information and guess the rest—and there are many methods of optimizing both, but it all boils down to getting a copy, or guessing.

          Suppose the attacker has obtained a copy of your password, and you don't know it. Your security is compromised, but now the attacker has a choice. He can change your password, lock you out of your own account/device and use it for his own purposes, or he can leave your password and make covert use of your account/device/whatever. In many cases, the attacker opts for the latter approach because the former is too noticeable and the account/device often quickly gets shut down. Or suppose the attacker has obtained a copy of your password but hasn't gotten around to using it yet. In either case, changing your password shuts off the attacker's access, closing the window of vulnerability.

          But there's another reason to change your password from time to time, and that's to protect it against compromise by guessing. Depending on how the system is built, what information the attacker has to start with and the attacker's resources, the attacker will be able to make guesses at some rate. If you change your password before the attacker can guess your password, the attacker has to start over. Another way to look at it is that as the attacker guesses, he gains knowledge about your password, because he knows a bunch of things it is not. When you change your password, that knowledge is invalidated.

          In a nutshell: Password security derives from password secrecy, and you remove whatever knowledge the attacker has when you change it (assuming you don't just change a character or two). Another way of looking at it is that password secrecy erodes over time, and rotation restores it.

          But... your fingerprints are not secret. You leave them on almost everything you touch. From a security perspective the only reasonable way to think about biometrics is that they are public information. We have to assume the attacker already has your fingerprints. In the case of smartphone or a credit card, odds are good that there are nice fingerprints on the device itself.

          The purpo

          • Good identifiers should have uniqueness guarantees, biometrics don't. Good identifiers should always either match or not match, biometric matching is fuzzy, every match is a judgement call.

            You make good points, here and throughout your post. However, I don't think the above undermines the biometrics-as-IDs analogy to the extent that you're arguing here. A great many online systems today use an email address as an ID, yet email addresses can suffer from exactly the same problems. We use a person's name and mailing address to send them post, but again the same problems can arise. In practice, not many IDs that we use are good identifiers by your definition -- and again, I'm not disputing that d

            • by chihowa ( 366380 )

              His arguments against using biometrics as identifiers were the birthday paradox and fuzzy matching, which absolutely don't apply at all to email addresses. Aside from very deliberate email account sharing between family members, no two people have any chance at all of having the same email address. Secondly, matching an email address is not fuzzy at all.

              • His arguments against using biometrics as identifiers were the birthday paradox and fuzzy matching, which absolutely don't apply at all to email addresses.

                I'm sorry, but they most certainly do apply to email addresses.

                For the birthday paradox, haven't you ever worked in an office that had addresses of the form j.smith@example.com, until both John and Jane Smith joined, and then suddenly their scheme broke down? Technically speaking everyone presumably has their own address according to some alternative scheme invented to avoid that problem, but in reality anyone who is familiar with the original scheme is quite likely to send mail to the wrong address.

                For fuz

                • by chihowa ( 366380 )

                  Fair enough, but those examples only apply to poorly-considered naming schemes (and the accompanying human assumptions) or improperly implemented mail systems. Per RFC 5321 [ietf.org], "the local-part of a mailbox MUST BE treated as case sensitive." These could lead to multiple identifiers that all map to a single email address (in the case of a case insensitive local-part), but not a single identifier mapping to multiple email addresses (the birthday paradox manifestation).

                  The fuzzy matching was more about the fact t

          • Excellent post!

      • by xeoron ( 639412 )
        If we use bioMetrics as the seed to a password, then we can change the password anytime we want. Password = Something we have + Something we know.
      • "you can never change it"

        Your employer can change it with trivial effort. Just fire you and hire someone else.

    • And once compromised biometric passwords are extremely difficult to change. Fingerprints might be OK...got ten passwords to use, but those can get compromised all at the same time. Maybe the solution is more in x factor authentication, add as many layers of security as possible and either have them all match or a majority of them match or get provided. While secure the problem is that of convenience, logging in to an email account might then take 10 minutes.
    • Your biometric password can't be changed. Just because we don't know how to hack them now doesn't mean it won't be trivial in the future. Fingerprint readers are wafer thin right now; who's to say a wafer thin electrode array can't drive one of these with someone else's fingerprint? As for getting that fingerprint, well, you will have it from any one of the biometric devices that the person gave it to.

      It's just a passing phase in password land where biometric passwords are convenient but not ubiquitous.

    • Wearing your password (where anyone can see it) is not secure. A physical passkey means border guards can make use of it without your consent.
  • by Hognoxious ( 631665 ) on Sunday May 14, 2017 @03:41AM (#54412965) Homepage Journal

    No.

    • by Anonymous Coward on Sunday May 14, 2017 @03:57AM (#54413017)

      First time poster, long time reader.

      Biometric elements regarding authentication fail regarding two major issues.

      First issue, they can't be revoked. There won't ever be a "change your retina" or "forgot my bird to flip" form. Forget being forgotten, forget witness protection etc.

      Second major issue : risk shifting.
      If my credentials have value, then it stands to reason I can be assaulted to get them. To protect itself, my employer asks me at least two factors and I am OK with what I know and what I have. Both can be acquired without major hurt to my person (yes, under duress I will gladly give them and no one could blame me).
      Biometric elements, provided that a copy of what I am cannot fool the system WILL have to be harvested from me.

      Therefore, biometrics are still a heck of a bad idea

  • And you know that.
  • No! Of course not! (Score:5, Insightful)

    by Casandro ( 751346 ) on Sunday May 14, 2017 @03:45AM (#54412975)

    Biometry is not suitable for authentication. Essentially using biometry is like using a password you cannot change, but constantly tell anybody around you.

    It's trivial to keep your passwords secure, it's much harder to keep your fingerprint or iris pattern secure. Both can even be read out remotely.

    • BTW, here's a nice overview video on the topic:
      https://media.ccc.de/v/31c3_-_... [media.ccc.de]

    • In other words, traditional biometric data relies currently on some physical and almost constant properties sampled from a human body, while traditional passwords rely on some biological neuronal configuration within the brains that we are currently unable to extract from a person without his/her consent. Matter of time...
      • Well there are 2 big differences here:

        1. You can change passwords, so even if it gets extracted from your brain (or more likely intercepted from your keyboard), you can simply choose another one.

        2. You can voluntarily give up a password without any collateral damage. For example when you get threatened you can just give out the password instead of losing your finger.

        I'm sorry, but Biometry should have been dead when that MacGyver episode came out where he used a latent hand print on a hand print scanner.

        • 1. You can change passwords, so even if it gets extracted from your brain (...)

          If one can extract a password from your brain, he might surely get the new one... or even catch your intention to change it!

          • So in this extreme case, the password would be not safer than biometry, whereas in all other cases it's considerably better.

            Of course there are also seriously better alternatives to passwords, for example public key authentication schemes. So in any event, biometry loses.

          • by mellon ( 7048 )

            Why are you even still memorizing passwords? Mine are all random 13-letter strings that I store in a key safe.

            • Why are you even still memorizing passwords? Mine are all random 13-letter strings that I store in a key safe.

              Businesses don't care enough about security to make their employees take two minutes to log into their workstations in the morning. Anything more than seven seconds is likely to be dismissed by the decision makers.

              Convenience pushes our 'lazy' buttons, and security is not seen as being worth the cost. Unless that changes, there won't be much change in overall security.

          • Why are you continuing to argue something that cannot currently happen, and quite frankly may never happen? The first time I can let slide, but defending a hypothetical.. Really? Irrationality at its finest.

        • I'm sorry, but Biometry should have been dead when that MacGyver episode came out where he used a latent hand print on a hand print scanner.

          That MacGyver guy was certainly ahead of his time!

          • Actually not, there was an even older James Bond movie where he foiled fingerprint authentication via a faked fingerprint.

        • There was also the Mythbusters episode 20 years later where they made silicon thumbprints and fooled hand scanners without Hollywood magic. And this was before the "login with your face" methods came out and were easily defeated with photographs.
    • by mellon ( 7048 )

      Yup, there have been cases recently where people have used photographs to get a person's fingerprints. Amazing but true.

      Getting rid of passwords is a good idea, though. It's just that replacing them with biometrics is a change for the worse. A change for the better is to use public key cryptography: instead of your keychain containing passwords that you have to remember and that are sent to the far end, you have public keys, possibly more than one, for every service you need to contact, and you use yo

      • Getting rid of passwords is a good idea, though. It's just that replacing them with biometrics is a change for the worse. A change for the better is to use public key cryptography: instead of your keychain containing passwords that you have to remember and that are sent to the far end

        Passwords never have to be sent anywhere. You can use a zero knowledge proof to determine mutual possession without leaking ANYTHING about the password other than the binary outcome of whether mutual possession has been established.

        Don't confuse widespread adoption of stupidity (e.g. passwords entered into adhoc web forms) .. for something inherent to passwords. Widespread use of insecure authentication protocols and yes entering plaintext passwords over TLS counts as insecure authentication is direc
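The claim in the reply above, that a password need never leave the client, is what a password-authenticated key exchange (PAKE) provides. Below is an added, editor-written example of SRP-6a in Python; it is not code from any commenter. The identity `alice`, the enrolled password, the 256-bit ephemeral exponents and the simplified client proof M1 = H(A | B | K) (the RFC 2945 proof hashes more fields) are assumptions for the demo; the group constant is the 1024-bit one from RFC 5054 Appendix A, which you should check against the RFC and replace with a larger group before any real use. The server stores only a salt and a verifier, nothing on the wire is derived from the password in a way an eavesdropper can check offline without first breaking the group, and a wrong password simply fails the proof:

```python
import hashlib
import hmac
import secrets

# 1024-bit SRP group from RFC 5054 Appendix A (g = 2), inlined for a self-contained demo.
# Verify against the RFC before reuse; prefer the 2048-bit or larger groups in practice.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3",
    16,
)
g = 2
N_LEN = (N.bit_length() + 7) // 8


def H(*parts):
    """SHA-256 over the concatenation of the parts, as an integer."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


def pad(x):
    """Left-pad an integer to the byte length of N (RFC 5054 PAD)."""
    return x.to_bytes(N_LEN, "big")


k = H(pad(N), pad(g))   # SRP-6a multiplier


def private_x(identity, password, salt):
    return H(salt, hashlib.sha256(identity + b":" + password).digest())


def make_verifier(identity, password, salt):
    """Enrollment: the server keeps (salt, v = g^x). The password itself is never stored."""
    return pow(g, private_x(identity, password, salt), N)


class Client:
    def __init__(self, identity, password):
        self.identity, self.password = identity, password
        self.a = secrets.randbits(256)          # ephemeral private exponent (assumed size)
        self.A = pow(g, self.a, N)              # sent to the server

    def session_key(self, salt, B):
        if B % N == 0:
            raise ValueError("server sent B == 0 mod N")
        u = H(pad(self.A), pad(B))
        if u == 0:
            raise ValueError("u == 0")
        x = private_x(self.identity, self.password, salt)
        S = pow((B - k * pow(g, x, N)) % N, self.a + u * x, N)
        return hashlib.sha256(pad(S)).digest()


class Server:
    def __init__(self, salt, verifier):
        self.salt, self.v = salt, verifier
        self.b = secrets.randbits(256)
        self.B = (k * self.v + pow(g, self.b, N)) % N   # sent to the client

    def session_key(self, A):
        if A % N == 0:
            raise ValueError("client sent A == 0 mod N")
        u = H(pad(A), pad(self.B))
        if u == 0:
            raise ValueError("u == 0")
        S = pow((A * pow(self.v, u, N)) % N, self.b, N)
        return hashlib.sha256(pad(S)).digest()


def proof(A, B, K):
    """Simplified client proof of the session key (assumption; RFC 2945 hashes more fields)."""
    return hashlib.sha256(pad(A) + pad(B) + K).digest()


def run_exchange(attempted_password, enrolled_password=b"correct horse battery staple"):
    """Run one login. Returns (authenticated, wire), where wire is every byte string that
    crossed the network, so the caller can confirm the password never did."""
    identity = b"alice"                                    # assumed test user
    salt = secrets.token_bytes(16)
    server = Server(salt, make_verifier(identity, enrolled_password, salt))
    client = Client(identity, attempted_password)
    wire = [identity, pad(client.A), salt, pad(server.B)]  # client -> server, server -> client
    K_client = client.session_key(salt, server.B)
    K_server = server.session_key(client.A)
    M1 = proof(client.A, server.B, K_client)               # client -> server
    wire.append(M1)
    authenticated = hmac.compare_digest(M1, proof(client.A, server.B, K_server))
    return authenticated, wire


if __name__ == "__main__":
    ok, wire = run_exchange(b"correct horse battery staple")
    print("correct password accepted:", ok, "| messages on the wire:", len(wire))
    print("wrong password accepted:  ", run_exchange(b"wrong password")[0])
```

The design point this shows is the one the reply makes: the password is an input to the client's arithmetic, not a message. What the server holds (the verifier) can still be attacked offline if it leaks, which is why the verifier is salted and why the group size matters, but a passive eavesdropper on the exchange learns nothing it can test a guess against.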

    • Biometry is not suitable for authentication. Essentially using biometry is like using a password you cannot change, but constantly tell anybody around you.

      Wrong. http://divegeekstuff.blogspot.... [blogspot.com]

      • Ahh right, the "the sensor is secure" fallacy. Essentially the whole claim of this rant, carefully hidden behind lots of ramblings is, that somehow magically a sensor can get a full picture of what's in front of it, so it can somehow magically differentiate a fake finger from a real one.

        Tell you what, even the most expensive systems are trivial to fake. Yes you can measure the pulse of a finger, but a simple silicone "mask" for your finger will give the same signal. Yes you can use a depth sensing camera, b

        • Ahh right, the "the sensor is secure" fallacy.

          You didn't actually read the blog post. If you had, you'd have noticed that I covered that quite thoroughly, pointing out the major ways the sensor is and is not secure. Bottom line, it's context-dependent. Password security is also context-dependent. In either case, you have to understand the problem you're trying to solve in order to say whether or not a given solution addresses it adequately.

    • by hAckz0r ( 989977 )
      One big problem with fingerprint scanning on mobile is that every mobile handset comes with your fingerprints all over the phone. All one has to do is find and lift the required fingerprint (right thumb usually) and create a fake positive mask to pass over the fingerprint scanner. Your average joe might not be able to do this, but its not out of the reach for even a street gang to acquire what is needed. All they need is to just beat some guy over the head, take their phone using gloves, lift the prints,
  • Too much room for false positives/negatives. I mean look at your phone: You can put a fingerprint on it but it'll require a backup PIN in case that doesn't work. You don't gain any security if there has to be a backup password, it is just a convenience thing.

    The right answer is a smart card (or other device with that chip in it like Yubikey). Here you go to token+PIN. It's two factor, thus much harder for an adversary to get around, and it allows for a much shorter, easier to remember password. Reason is th

  • by aepervius ( 535155 ) on Sunday May 14, 2017 @03:45AM (#54412981)
    Biometrics are ONLY a username, not a password. It does not matter how many combos you think you can put together to eliminate bad actors; all those techniques do is verify who you are, and if they can each be fooled singly, chances are that they can all be fooled taken together. And once your system is compromised, what do you do?
  • by AxeTheMax ( 1163705 ) on Sunday May 14, 2017 @03:51AM (#54412993)
    As usual, this will bring a collection of new problems for some. Will work fine for some people but others will struggle. Fingerprints will not be much use for me; my prints were clear when I was younger, but they have faded. To the extent that at a border control earlier this year where fingerprint capture was mandatory, the immigration clerk had difficulty with my left hand and found it impossible with my right. He wrote a brief report which said that he could just see the patterns but could not capture them. I might have been lucky not to be refused admission, but it seems this situation was not new to them.
  • Let's have businesses do 4 things:

    1. Don't enforce needlessly strict / complicated security policies for websites that don't matter that much.
    2. Don't make me reset my password when I've merely forgotten it - it just puts me into a never-ending loop of creating harder and harder to remember passwords that need to be constantly reset.
    3. Provide easy to use 2 factor authentication that lets me use simpler passwords, or even delay the "authentication" to be when I pay for something and validate my billing
    • by Dog-Cow ( 21281 )

      Don't make me reset my password when I've merely forgotten it

      If a site doesn't make you reset, never go back. It means they have your password in plaintext, and that they'll send it to you in plaintext.

  • For remote use, there is not a lot of difference between biometrics and passwords, except that:

    -- you can't change the biometrics if they are compromised

    -- there is little scope for using different credentials for different sites

    Can't see any advantages to them, and I really don't want to be authenticating to my bank with the same credentials I use for Slashdot.

  • by Aethedor ( 973725 ) on Sunday May 14, 2017 @03:57AM (#54413021) Homepage

    Let's take a look at the characteristics of a username:

    • They are not secret. Often, they consist of a person's name, email address or employee number.
    • Often, one and the same username is used for many systems.
    • Changing a username is unusual or even impossible.

    And let's take a look at the characteristics of a password:

    • They should be kept secret.
    • You are strongly advised to use a different password for every system.
    • Every system must allow you to change your password.

    Now, let's take a look at what a fingerprint or other biometric property is:

    • They are not secret. You leave your fingerprints everywhere and it's very well possible to have your iris scan taken by other people [1].
    • Because of the limited amount of biometric properties (ten fingers and two eyes), you will likely be using one biometric property for multiple systems.
    • You can't change a biometric property on demand.

    Conclusion: biometric properties are more like usernames, not like passwords. So, use them for identification, not authentication. Any biometric system supplier telling you otherwise is just telling marketing nonsense.

    [1]: http://www.tomsguide.com/us/ph... [tomsguide.com]

    • Usernames can (and do) change. It's rare, but people sometimes legally change their names. What is more common is when female employees get married, their last name changes. You then have to change their email address, like Firstname_Lastname@company.com and many people use email addresses for usernames. Most systems I know have the ability to change a username, although the change isn't always smooth or fast.
      • by Dog-Cow ( 21281 )

        It's almost as if you didn't read the comment you replied to. Or your tone is just off.

    • Conclusion: biometric properies are more like usernames, not like passwords. So, use them for identification, not authentication.

      Wrong. Biometrics are lousy usernames (and lousy passwords). They're good authenticators in many situations, but the model is entirely different. http://divegeekstuff.blogspot.... [blogspot.com]

      • I agree fingerprints are not very good usernames. I personally wouldn't use biometrics for anything. However, the article you link to has many flaws. Lots of false arguments. Since it's a long article, going into all the details takes more time than I have right now. Maybe later.
        • I agree fingerprints are not very good usernames. I personally wouldn't use biometrics for anything. However, the article you link to has many flaws. Lots of false arguments. Since it's a long article, going into all the details takes more time than I have right now. Maybe later.

          Since I've been doing biometric security for nearly 20 years, as my day job, I'd be very interested in exactly what "flaws" you think you find in my arguments. I suspect that it's your counterarguments which are flawed. Oh, I suppose there are nits you can pick -- I could point out a bunch of those myself -- but nothing more.

  • The problem with most biometric systems is that we literally leave our password behind on everything we touch.

    Biometrics as a sort of user ID, on the other hand...

  • by darkain ( 749283 )

    Why solve a problem already solved? Just use 2FA. Problem SOLVED.

  • Easy to steal, not protected by any laws, cannot be changed should they be compromised. Worst system imaginable.

  • Matching bio data isn't an exact 1:1 match. The mechanism is a proximity comparison. So the original data can't be protected by a one way encryption. Therefore it is way easier to steal that information for reuse. After all any biometric reader attached to a personal device can be simulated by an attacker and the stolen bio data fed in directly - so it is even easier than any of the current 2FA (the use case for readers in protected locations, think doors, is only slightly better). In summary having a uncha
  • Apart from the basic fact that you cannot change it when it is compromised, and it will be, there is also that real problem in that they are extremely unreliable. You sweat and the scanner has trouble reading your fingerprint, or you get an eye infection and the machine cannot recognise your iris. When we installed fingerprint scanners on all the POSs we had to remove them soon after as staff had to jam the tills open all the time because they kept failing to open when they should. Biometrics are a securit
  • In most cases there's no good reason to prove your identity. What you need to prove is your right to do whatever it is you're doing. I don't want to give an online store the information that would let them buy things with my credit card, or which could be stolen and misused by others. The information I give to buy something from Amazon should not be sufficient to buy something from Apple.

  • Biometric passwords are a really dumb idea.

    By all means, have a biometric username, but never have a biometric password. It's a basic rule for anyone who actually understands how to implement auth in the real world.

    Easy to change a real password, impossible to change a biometric password.

  • by brentlaminack ( 513462 ) on Sunday May 14, 2017 @07:04AM (#54413323) Homepage Journal

    Any discussion of biometrics without discussing the crossover rate (or Equal Error Rate) is woefully incomplete. See this explanation: https://security.stackexchange.com/questions/57589/determining-the-accuracy-of-a-biometric-system
    The crossover rate is that point in the sensitivity settings of the system that yields minimum errors, where the False Acceptance Rate = the False Rejection Rate. In layman's terms, you're letting in unauthorized bad guys at the same rate you're keeping authorized good guys out. Any biometric system that doesn't list its crossover rate is pure snake oil. Run away.
    Another data point few consider. A Large Theme Park used biometrics a few years back for their annual ticket holders. It soon became known as the "identical twins two-for-one sale". Can your biometrics discern identical twins? Few can.
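    An added worked example of the crossover rate described above (not part of the comment): FAR and FRR are computed at each candidate threshold over constructed similarity scores from a hypothetical matcher, and the threshold where they meet gives the Equal Error Rate. Score values are made up for illustration.

    ```python
    # Constructed example: similarity scores in [0, 1] from a hypothetical matcher.
    # GENUINE = a user compared against their own enrolment;
    # IMPOSTOR = a different person compared against that enrolment.
    GENUINE = [0.92, 0.88, 0.75, 0.81, 0.66, 0.95, 0.58, 0.84, 0.79, 0.71]
    IMPOSTOR = [0.12, 0.35, 0.48, 0.62, 0.22, 0.57, 0.41, 0.69, 0.30, 0.18]

    def rates_at(threshold, genuine=GENUINE, impostor=IMPOSTOR):
        """Return (FAR, FRR) when scores >= threshold are accepted.

        FAR: fraction of impostor attempts wrongly accepted.
        FRR: fraction of genuine attempts wrongly rejected.
        """
        far = sum(s >= threshold for s in impostor) / len(impostor)
        frr = sum(s < threshold for s in genuine) / len(genuine)
        return far, frr

    def equal_error_rate(genuine=GENUINE, impostor=IMPOSTOR):
        """Sweep every observed score as a threshold and return
        (threshold, EER) at the point where FAR and FRR are closest."""
        best = None
        for t in sorted(set(genuine + impostor)):
            far, frr = rates_at(t, genuine, impostor)
            gap = abs(far - frr)
            if best is None or gap < best[0]:
                best = (gap, t, (far + frr) / 2)
        _, threshold, eer = best
        return threshold, eer  # (0.66, 0.1) for the constructed scores

    def tradeoff_table(genuine=GENUINE, impostor=IMPOSTOR):
        """FAR/FRR at a few thresholds: tightening the threshold drives FAR
        to zero only by locking out more legitimate users."""
        return {t: rates_at(t, genuine, impostor) for t in (0.50, 0.66, 0.70, 0.90)}
    ```

    With these numbers the matcher needs a threshold of 0.70 to reject every impostor, at the cost of turning away one genuine user in five, which is the sweat-and-eye-infection failure mode described elsewhere in this thread.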

  • Most biometric scanners have poor resolution and are easily defeated with very modest resources. MythBusters did a very good episode about the ease of replicating fingerprints, and found recent scanners that could be defeated by copying a fingerprint on a laser printer and simply moistening the printout. There was also an infamous paper, available at https://cryptome.org/gummy.htm [cryptome.org], describing more sophisticated approaches with the image transferred to gelatin. That has never been refuted since its original

  • Biometric authentication is like a password that can never be reset, can be stolen off your body, and in some cases, that you accidentally leave copies of all over the place (fingerprints). They're fine as a second factor but the hard, cold, fad-deflating truth is that nothing beats the security of the good ol' password. A strong password can be hard to crack and is the hardest form of credentials to steal (requires torture or an fMRI machine). People are often careless with passwords but biometrics are no

  • Yeah... just waiting for the next headline from "Slashdot Asks"

    Slashdot Asks: Should I Saw Off An Employee's Legs To Keep Him From Leaving The Company

  • Relatively easy to fake, and can't be repudiated once compromised. Brilliant.
  • by Ol Olsoc ( 1175323 ) on Sunday May 14, 2017 @10:25AM (#54413863)
    ApplePay, and I also use their fingerprint reader to "log in" to my phone.

    Every so often it requires me to use my regular login credentials.

    It works very well indeed.

    And yes, if someone cut off my finger or thumb, and it was one of the ones registered in the phone, or if someone caught my fingerprints somewhere, and went on a MythBusters type effort, where they lifted the print, and went through gyrations to duplicate it. Yup, they could break into my phone.

    y tho?

    That's a metric fuckton of trouble to go to, and if the standard login pops up on them, they wasted a lot of effort to spoof my fingerprint. Then steal my phone, and somehow keep me from erasing the phone as soon as I noticed it gone. And my credit card puts a hold on any large purchase, and calls a different number for verification before it allows it, and if not verified as legit, cancels the card.

    It isn't perfect. But it's pretty good. Perfection is too often the enemy of pretty good.

  • I don't even give my company access to medical history, what makes you think I would give them biometric data ?

    With unique personally identifiable information now traversing the corporate networks, are they going to be forced to implement HIPAA standards to protect it ?

    I doubt most companies will want to go that route due to cost, upkeep and penalties should that data get compromised.

  • I tried to use a FIDO U2F security key [amzn.to] in my side business. Most of my vendors don't support using two-factor authentication with a security key. My web host provider plans to implement it Really Soon. Google will prompt me for my key if I make a major change to my YouTube account. Biometric passwords aren't going to work if vendors don't get onboard to upgrade their login systems.
  • by XSportSeeker ( 4641865 ) on Sunday May 14, 2017 @01:05PM (#54414481)

    Businesses should not switch to biometric passwords. They could use biometry for convenience paired with a password for security, but biometry isn't enough for one main reason: if someone figures out a way of replicating even a single biometric identification, the whole system is defeated.
    It's a difference between replacing a single user password versus possibly having to recall and replace all hardware, and the entire system behind it.

    You can easily replace passwords. Biometrics cannot be replaced.
    It uniquely identifies people and is uniquely tied to each one, which also creates a problem regarding privacy.
    It's always a bad idea to use something that is uniquely identifiable as a password, because you end up running into scenarios where anonymity becomes impossible.

    And in the end, the problem with security systems is that they are prone to failure due to a bunch of different factors.
    Smartphone fingerprint readers were easily defeated just recently because they were implemented to work faster.
    http://www.computerworld.com/a... [computerworld.com]
    Technology catches on. We'll always be one step from a scanner with high enough resolution and a printer of some sort with high enough definition and usage of the right materials.

    You know what people said about fingerprint readers in the past? That it would be close to impossible to replicate because of how complex our fingerprints are. That argument being made by Harvard Business Review at the end of the quote is just the same. We can't assume how hard it's gonna be to replicate even if you are tying a bunch of biometrics together because it hasn't been out yet, nor is there any incentive for people to break it just yet. If someone haphazardly implements it through a wide range of businesses, then all bets are off.

    Also, companies behind such systems will always fail to recognize the problem because recalling and replacing devices will always be impossibly expensive, and in several instances we're basically relying on security through obscurity.
    https://www.forbes.com/sites/e... [forbes.com]

    https://hackaday.com/2015/11/1... [hackaday.com]

    Now, with things as they stand, imagine this scenario: as we all know, several companies nowadays are basically building entire dossiers about each and every customer with all sorts of information about them to sell to advertisers and whatnot. Imagine if biometrics got into that, and then inevitably one of those companies gets hacked or leaks their entire databases. Instead of people scrambling to reset and change their passwords, we'd get people who could do nothing about it, biometrics in the wild, just waiting for someone to come up with a way to use/replicate them. If this happens to enough businesses and enough databases, biometric data becomes something as easy to find out as an address or name.

  • No question, Bio passwords should be mandatory. HOWEVER, along with this, we have to come up with a way that this doesn't turn into tracking.
  • Reading the commentary here it is obvious that biometrics is a mess. Some think it's a user ID, others a password, and the list goes on.

    If it is so confusing here just imagine how bad it would be for the millions of implementers out there who can't even grasp the concept of going beyond a cleartext version of a password in a database.

  • The security industry has learned a lot about attacking authentication systems in the last few years. It turns out that to an attacker, everything is a digital recording or a digital stream. This means that:
    • Something You Have;
    • Something You Are;
    • Somewhere You Are;
    • and Something You Do;

    all can ultimately be transformed into Something You (or a computer) Knows. Therefore, almost every multi-factor authentication system depends on several things that an attacker can discover, and mimic.

    The security industry has found that biometrics have a major downside, in that they can't be changed. Once they are discovered by attackers, they are permanently discovered.

    For example, the major compromise of the US Office of Personnel Management by the Chinese in 2015 disclosed 5.6 million recorded fingerprints. This included everybody who had a security clearance, and all covert agents in Intelligence and law enforcement. Since biometrics can't be changed, it will take decades before this compromise stops causing harm to the US government. US covert agents can be identified. Any attempt to use fingerprint biometrics for these people can now be more easily attacked: https://en.wikipedia.org/wiki/... [wikipedia.org]

    Every government has aggressively begun to collect biometric information from every possible source. Shortly afterwards, almost every government database of collected biometrics has been successfully compromised. Biometric information is collated by insurance, law and intelligence agencies. It is sold and resold on the various criminal marketplaces.

    Part of this flourishing criminal marketplace in biometric information includes permanent, unchangeable health and medical information: https://hipaahealthlaw.foxroth... [foxrothschild.com]

    Also, US courts have ruled that biometric info has almost no legal protections against collection, resale or forced disclosure.

    Therefore, some security professionals now believe that well-funded attackers can overcome the biometric parts of an authentication system with less expense than overcoming a password.

  • Biometrics are good for identification, i.e. you take someone's fingerprint and compare it to a database. Someone can't show up with a severed or fake one and fool you with it.

    It does not work for authentication, however. Imagine a password that you can never change and you leave pieces of it everywhere you go... well that's exactly what your fingerprint is. Maybe retina scans are better, but I have serious doubts, the biggest being that if it ever does become compromised, again, you can't change it. Voice

  • And like they need more data -_-. Besides, you then got to hope that the IT people are complete sh*t heads and most are.
