
lucaspfeifer | 1 year ago

Seems like the key issue here is this: what is the purpose of conducting the authentication? In the case of personal accounts, it's for the benefit of the individual. They get their own account to safely store personal data. Here, the individual management of biometric authentication devices, as you described, is a great thing. A passkey can be generated without exposing biometric data. The individual has the responsibility and incentive to keep their devices secure.

But the above article is an example of the opposite case, where the authentication is for public security. In this situation, the individual cannot be entrusted with their own auth, so if each person were to use their own device, it would need to be quite tamper-proof. Seems far simpler at this point to do face / fingerprint auth, where the security guard ensures that no one is wearing a mask or fake finger. Yes, there is the concern that the bio-data could be stolen / misused, and for that reason I think that bio-auth for public safety should be limited to a single standard type (e.g. face), with the others being reserved only for private auth. That way, a compromise can be reached between public safety and individual privacy.
