At 2:12 PM -0400 1999-05-16, some paranoid whacko wrote:
>>One very interesting note on technology demonstrated under Sonata
>>at WWDC: users will be able to log into their computers by
>>voiceprint indentification. This technology is considered very
>>reliable, is not easily faked by recordings and such, and can be
>>backed up with a normal text password if the user is sick, loses
>>their voice, etc.
If this is based on the "speaker independent" voice recognition in
PlainTalk, does it imply that anyone could speak your passphrase just
as easily... ?
>I watched the demo & I don't recall any claims being made about
>"voiceprint identification". As far as I could tell the only new
>thing was you can now speak your pass phrase instead of typing it.
>If your pass phrase is "Soylent Green is people", I don't think the
>OS is going to be able to discern biometrically who speaks it.
I'm sure no-one on this list needs me to tell them that this is a
VERY BAD IDEA: the marketing weasel who came up with it should be
soundly thrashed (pun intended). Stick with typed passphrases.
If anyone (technical) at Apple is listening... I once had an LEO in
one of my crypto classes (NYPD-CIU) tell me that they busted a dealer
who kept his database encrypted, and they didn't need to even ask him
for his passphrase, because they'd bugged the room and "the bonehead
used to speak each letter of his password as he typed it in." They
had it all on tape... several times in case there was any doubt.
Actually using this Sonata "feature" in anything less than an ideal
security environment (and I'd like to see one of those someday) is a
serious passphrase hygiene violation: writing the pphr on a Postit
and slapping it on the bezel of their monitor might be worse, but I
doubt it since voice travels a lot farther than a Postit...
Two steps forward, one step back...
dave
