On 14 Feb 2007 09:14:34 -0800, [EMAIL PROTECTED] (Paul Gilmartin)
wrote:
>Isn't it merely a matter of time, though, before the technology
>arises to spoof fingerprint readers? Then we'll need to be
>concerned not only that a dishonest waiter copies our credit
>cards, but that a dishonest busboy lifts our fingerprints from
>the water glasses. Fingerprints don't impress me as a good
>secret.
As with all security needs, the technology will need to improve to
match the moving target of criminals. We don't know far behind the
8-ball our credit cards technologies or our currency technologies are
- but we trust them enough so they work for our current needs. I
suspect we are more vulnerable than we would like to admit here.
We know passwords are failing though. And the primary reason is we
need too many passwords all over the place - security needs to work
the way people work.
A couple or a few decades ago I read a SF story - the protagonist
appeared to be a criminal and one thing he did was pull the
fingerprint off a rich person to make a bunch of luxury purchases. It
turns out he worked for the good guys, and was testing the system for
a bet. At the end of the story, he made another bet for 6 months in
the future - after his co-workers changed the technology for such
things as making sure that the fingerprint came from a conscious
person. In that world, such crime appeared to be rare - but the
process made sense anyway. (I tend to believe that Vernor Vinge's
example of the danger of ubiquitous law enforcement is more likely to
be true).
What direction do we need to go for logon security?
The problem of counterfeiting is also a problem that extends beyond
paper money - counterfeiting data can effect us all over. Google
recently added software to counter Google Bombs ("miserable failure").
It's not hard to extrapolate this concept to all Information
Processing.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
