That fingerprint stuff does not work too well. I have an IBM StinkPad, and I was never able to input my fingerprints to it. I went through the "training" program and then when I was in a process of setting it up, the system never accepted the last "scan".... no matter how many times I tried....
Furthermore, in mythbusters they already tested a movie-myth where one fakes the fingerprints. They were able to open the fingerprint protected lock easily. --> not-busted. Petri Mathew Branyon wrote: > I have an idea... Input isn't accepted into the devices unless the > fingerprints are actively being read, i.e. fingerprint scanners on all > of the keys on a keyboard, or on the back of a cell/pda, something like > that. > > RFID tags under the skin could also work. If you want, I can help > inject those into your clients (keep in mind, I'm not trained or > anything, I just think it could be fun) > > --mat > > Dustin Puryear wrote: > >> Let's keep in mind that I never said that having multiple passwords >> *was* the solution. I'm just looking for ideas. So, keep them coming. >> ;-) >> >> --- >> Puryear Information Technology, LLC >> Baton Rouge, LA * 225-706-8414 >> http://www.puryear-it.com >> >> Author: >> "Best Practices for Managing Linux and UNIX Servers" >> "Spam Fighting and Email Security in the 21st Century" >> >> Download your free copies: >> http://www.puryear-it.com/publications.htm >> >> >> Thursday, February 15, 2007, 3:30:55 PM, you wrote: >> >> >> >>> >>> Tim Fournet wrote: >>> >>> I've checked with four different email applications on the Palm Treo, as >>> well as some available on the Blackberry, and none of them show the >>> password as cleartext on the config screens. Sure, someone could >>> conceivably hook up the device to a reader, perform a hex dump of the >>> contents of the memory, and the passwords are probably visibly in there; >>> but my point is that by the time this can be done, a user can change his >>> password ---- as long as he knows how and when to change it! Giving him >>> a password that is "just for email" doesn't necessarily make his "real" >>> password more secure, because he can store that on the PDA just as well >>> >>> None of these mitigation activities get around the fact that >>> 1) some users are stupid >>> and >>> 2) some vendors are stupid and have buggy/easily broken applications. >>> >>> I don't necessarily see having multiple passwords as doing much to help >>> the situation. >>> >>> The DoD is starting to require two factor authentication. Users >>> must log in with smart cards and use a password. So you have to have >>> the card and the password. Even their webmail and VPNs are accessed that >>> way. >>> >>> >>> Shannon Roddy wrote: >>> >>> >>> On 2/15/07, Tim Fournet <tfournet at tfour.net> wrote: >>> >>> >>> I doubt many devices actually store the passwords in an >>> easy-to-access cleartext sort of way. >>> >>> >>> Umm... wrong answer. ;-) You'd be surprised. >>> >>> >> >> >>> _______________________________________________ >>> General mailing >>> listGeneral at >>> brlug.nethttp://mail.brlug.net/mailman/listinfo/general_brlug.net >>> >>> >>> _______________________________________________ >>> General mailing >>> listGeneral at >>> brlug.nethttp://mail.brlug.net/mailman/listinfo/general_brlug.net >>> >>> >>> >>> >>> >>> >> _______________________________________________ >> General mailing list >> General at brlug.net >> http://mail.brlug.net/mailman/listinfo/general_brlug.net >> >> >> > > _______________________________________________ > General mailing list > General at brlug.net > http://mail.brlug.net/mailman/listinfo/general_brlug.net > >
