Mark and Josiah,

I can't agree more. I have thought a lot about this and believe biometrics 
for authentication is a fool's path. Why do I say this? Because it is a 
password whose value cannot be changed without surgery, if at all. In no 
other case do we tie the value of a password to something which actually 
exists in the real world; it is tantamount to using your birth date in your 
password, or a Post-it note on your monitor. Whilst your birth date may be 
publicly accessible, your biometric information may only be privately 
available initially, but once it is used for authentication a copy of it 
needs to exist externally from you to compare with it. Then you may be able 
to re-encode it, but in many ways it can never be changed or it will not 
map to your physical biometrics. Now if the authentication service is 
compromised, as happens from time to time, your biometrics may become 
public. Then who gets to use it? And how do you reset it?

A USB token or such is much smarter, especially when combined with another 
couple of factors such as a password and an installed certificate.

Regards
Tony

On Saturday, December 8, 2018 at 2:50:04 AM UTC+11, Mark S. wrote:
>
> To me, #3 is illusory. It's really just a form of #1. The data extracted 
> from your fingerprint is just another password that could be in fact stolen 
> and used to misrepresent you. You would not want your biological 
> identifiers to be registered with any entity unless you knew that that 
> entity was encrypting that information thoroughly. 
>
> -- Mark
>
>
> On Friday, December 7, 2018 at 6:49:41 AM UTC-8, PMario wrote:
>>
>>
>> On Friday, December 7, 2018 at 12:38:53 PM UTC+1, TonyM wrote:
>> ...
>>
>>> If you place a tiddlywiki in a secure folder, with a long password on 
>>> https and then use the encryption in tiddlywiki you would be using two 
>>> factors. 
>>>
>>
>> No offence intended. - Technically, this is only 1 factor 2 times
>>
>> Multi-factor authentication is defined as: 
>>
>>  1) something the user and only the user *knows*
>>  2) something the user and only the user *has*
>>  3) something the user and only the user *is*
>>
>> add 1) eg: password
>> add 2) eg: usb-token
>> add 3) eg: fingerprint
>>
>> Pros and Cons are discussed in detail here: 
>> https://en.wikipedia.org/wiki/Multi-factor_authentication
>>
>> IMO the main problem is convenience and cost. Workflows that create 
>> "real" security will cost something. That's a fact! ... At the moment our 
>> society trades convenience for security and cost. 
>>
>> Everything needs to be free (as in free beer). 
>>
>> In my opinion this mentality has to change. It's OK to use free (as in 
>> free speech) software / tools. ... But we need to become aware again that 
>> our security will cost us something. Either convenience or money.
>>
>> Just some rants
>> have fun!
>> mario
>>
>
