[email protected] (R.S.) writes:
> BTW: I prefer tokens over biometrics for the following reasons:
> 1. Biometrics is not reliable. Depending on the method used it could
> cause "false failures", for example a fingerprint after some injury
> cannot be recognized. Same about face recognition (BTDT), etc. So
> usually biometrics is backed up with ...regular password.
>
> 2. Some biometrics are slooow. I saw room access control system which
> had to be disabled, because there were long lines (queues) to the
> doors.
>
> 3. Some biometric devices built in your PC can be hacked, or in other
> words, your PC will receive OK from phony device instead of real one.

biometric will convert reading into numeric value and then do fuzzy compare with stored value. if the stored value is at a central location ... then it becomes a "shared secret" authentication scheme (aka your biometric value) and shares various characteristics in common with shared-secret passwords.

from 3-factor authentication paradigm

1) something you know (pin, password, mother's maiden name)
2) something you have (hardware token)
3) something you are (biometrics)

past posts about 3-factor authentication paradigm
http://www.garlic.com/~lynn/subintegrity.html#3factor

biometrics at remote unattended locations may be compromised by network exploit ... where somebody skims known biometric value and uses it in replay attack (aka analogous to password/pin skimming and replay attack).

biometrics tend to work better with secure stations ... especially if under constant surveillance by armed guards

recent references to Google authentication proposal

Google Ring of Power Could Render Passwords Obsolete
http://www.hotforsecurity.com/blog/google-ring-of-power-could-render-passwords-obsolete-5084.html
Google suggests jewelry or a device as a next-gen password
http://www.pcworld.com/article/2025794/google-suggests-jewelry-or-a-device-as-a-next-gen-password.html
Google Declares War On the Password
http://hardware.slashdot.org/story/13/01/18/1721203/google-declares-war-on-the-password?sbsrc=md
Google Declares War On the Password
http://tech.slashdot.org/story/13/01/18/1721203/google-declares-war-on-the-password?sbsrc=md
Google Declares War on the Password
http://www.wired.com/wiredenterprise/2013/01/google-password/
Google looks to kill passwords, but experts say not so fast
http://www.csoonline.com/article/727053/google-looks-to-kill-passwords-but-experts-say-not-so-fast
Google looks to kill passwords, but experts say not so fast
http://www.networkworld.com/news/2013/011913-google-looks-to-kill-passwords-265977.html
Google sees one password ring to rule them all
http://www.networkworld.com/news/2013/011913-google-sees-one-password-ring-265979.html
Google sees one password ring to rule them all
http://www.computerworld.com/s/article/9235971/Google_sees_one_password_ring_to_rule_them_all

and from Schneier
http://www.schneier.com/blog/archives/2013/01/googles_authent.html

old post from 1998 about form factor agnostic authentication
http://www.garlic.com/~lynn/aadsm2.htm#straw

disclaimer: we have dozens of (assigned) patents in the area
http://www.garlic.com/~lynn/aadssummary.htm

-- 
virtualization experience starting Jan1968, online at home since Mar1970
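
Added example, not part of the original post: a Python sketch of why a centrally stored biometric value behaves like a replayable shared secret, next to a token that answers a fresh challenge on every login. The template values, threshold, function names and the HMAC challenge-response used to model the token are all assumptions made for this illustration; the post does not specify a token protocol.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: a toy 16-value biometric template.
ENROLLED_TEMPLATE = [12, 40, 7, 33, 91, 5, 60, 18, 77, 24, 3, 55, 81, 9, 46, 30]
MATCH_THRESHOLD = 20                  # max total deviation the fuzzy compare accepts
TOKEN_KEY = secrets.token_bytes(32)   # never sent over the wire (assumed token design)


def fuzzy_match(reading, stored=ENROLLED_TEMPLATE, threshold=MATCH_THRESHOLD):
    """Central verifier: accept when the reading is close enough to the stored value."""
    if len(reading) != len(stored):
        return False
    return sum(abs(a - b) for a, b in zip(reading, stored)) <= threshold


def token_response(challenge, key=TOKEN_KEY):
    """Token side: HMAC-SHA256 over the verifier's challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def verify_token(challenge, response, key=TOKEN_KEY):
    """Verifier side: recompute the response and compare in constant time."""
    return hmac.compare_digest(token_response(challenge, key), response)


def demo():
    # A genuine reading differs slightly from enrollment (sensor noise).
    noise = [1, -1, 0, 2, 0, -1, 1, 0] * 2
    live_reading = [v + d for v, d in zip(ENROLLED_TEMPLATE, noise)]
    first_login = fuzzy_match(live_reading)
    # The identical numeric value, resubmitted later, is accepted again:
    # the verifier cannot tell a fresh reading from a recorded one.
    replayed_reading = fuzzy_match(list(live_reading))

    # Token login: the verifier issues a fresh random challenge each time.
    challenge_1 = secrets.token_bytes(16)
    response_1 = token_response(challenge_1)
    token_login = verify_token(challenge_1, response_1)
    # A recorded response is checked against a new challenge and rejected.
    challenge_2 = secrets.token_bytes(16)
    replayed_response = verify_token(challenge_2, response_1)
    return first_login, replayed_reading, token_login, replayed_response


if __name__ == "__main__":
    print(demo())
```

A verifier that must accept resubmitted readings can only limit replay by protecting the capture path, which matches the post's point about secure, supervised stations.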
