Fingerprints Are Usernames, Not Passwords (2013)

219 points | sc90 | 11 years ago | blog.dustinkirkland.com

102 comments

[+] Karunamon|11 years ago|reply
Something I feel that's always missed in these discussions is context: Who is the adversary you're attempting to protect against?

Your kids screwing around with your phone? TouchID does the job.

Random people screwing around with your phone if they find it? Same thing.

Government gets ahold of it? Yeah.. notsomuch.

Considering that the primary adversaries of an average smartphone user are other mere mortals, not dedicated spy agencies, a fingerprint login strikes a very good balance between usability and security.

Consider the alternative - either requiring a standard alphanumeric password on unlock (just about zero usability), or a 4 digit pin code (less usable than the fingerprint while providing identical, maybe slightly less security than that option), or more likely than not, no password of any kind, the whole touch ID thing is a massive jump forward in the security posture of the average iOS user.

Most iOS users I know have it enabled simply because it means they don't have to keep re-keying their app store password.

[+] therobot24|11 years ago|reply
In the biometrics field we use the threshold that separates an authentic and impostor match score to adjust our system sensitivity - for TouchID it's set such that the false acceptance rate (FAR) is high, while the gov may set it very low (usually the standard for papers is looking at the false reject rate at 0.1% FAR).

The alternative you suggest is related to biometric key binding (http://www.cs.cmu.edu/~vboddeti/key-binding.html).
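
Added example, not part of the comment above: the threshold trade-off it describes, computed over a small set of constructed match scores. Resolving a 0.1% FAR needs at least a thousand impostor comparisons, so with ten samples the targets used here are 20%, 10% and 0%; the score values and function names are assumptions made for the illustration.

```python
# Constructed similarity scores in [0, 1]; higher means a closer match.
# GENUINE: same finger compared with its enrolled template.
# IMPOSTOR: a different finger compared with that template.
GENUINE = [0.91, 0.88, 0.95, 0.79, 0.85, 0.97, 0.62, 0.90, 0.83, 0.93]
IMPOSTOR = [0.12, 0.35, 0.28, 0.51, 0.44, 0.19, 0.66, 0.30, 0.81, 0.25]


def far(threshold, impostor=IMPOSTOR):
    """False acceptance rate: share of impostor scores at or above threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(threshold, genuine=GENUINE):
    """False reject rate: share of genuine scores below threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)


def operating_point(target_far, genuine=GENUINE, impostor=IMPOSTOR):
    """Lowest threshold whose FAR is <= target_far, with the FAR and FRR there.

    Only observed scores need to be tried: FAR and FRR change nowhere else.
    The final infinite threshold rejects everything, so a result always exists.
    """
    candidates = sorted(set(genuine) | set(impostor)) + [float("inf")]
    for t in candidates:
        if far(t, impostor) <= target_far:
            return t, far(t, impostor), frr(t, genuine)


if __name__ == "__main__":
    # Tightening the FAR target pushes the threshold up and the FRR with it.
    for target in (0.2, 0.1, 0.0):
        t, fa, fr = operating_point(target)
        print(f"target FAR {target:.0%}: threshold {t:.2f}, FAR {fa:.0%}, FRR {fr:.0%}")
```
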

[+] jrochkind1|11 years ago|reply
So this article is a year old, I don't know if Apple has managed to improve things since then.

But if it were as easy to get access as the article suggests...

I agree you take the right approach by identifying adversaries. And I agree that it's relatively reliable against kids or random people randomly screwing around. And not against governments.

But there's a whole bunch in between that. Business competitors? Ex-partners or personal enemies, motivated enough to hire a private detective or similar that can easily do this?

I think the line of "reasonable defense against" for this technology is actually probably _just barely_ above random people screwing around with your phone because it was just lying there. And there's a whole lot above that but below national intelligence agency.

[+] Aldo_MX|11 years ago|reply
This a thousand times!

When you think about security, you should have in mind who you are protecting against, and the same applies to passwords.

Security purists love to advocate that password reuse is evil, but who in the first place is going to be your attacker and for which purpose?

For example, in the context of money (online banking, paypal, ebay, etc.) I completely agree that password reuse is evil.

But when it comes to random websites, or simply to access my devices does it really matter? The first time I saw the Chromebook my first impression was "do I really have to write my entire Gmail password EVERY TIME I want to access this thing???" With my Galaxy S5 I was like "Don't tell me how should I create a password to unlock you!!! If I want to use 0000 it's my problem!!!"

I personally like the approach of FastMail: Different Login methods (like using Google Authenticator to generate random one time use passwords, or the ability to create different plaintext passwords). You decide which login methods allow you to access your account, and which ones allow you to manage it.

[+] chrismcb|11 years ago|reply
And you don't think your children will try to hack your fingerprint with a gummy bear? A fingerprint makes a poor password and even a worse username. So much for asking your spouse to log in and check something for you
[+] mcv|11 years ago|reply
Still, I'd rather not give hardened criminals a reason to cut off my fingers.
[+] baffledbysmall|11 years ago|reply
I always get the sense of cognitive dissonance when I read security researchers and advocates write about passwords and fingerprints. If you have access to my device, you have access to my physical person, and my physical person will freely give up any password because no secret I have is worth my life. This isn't Hollywood, I'll give up my password with even the hint of physical violence that could maim or otherwise affect my quality of life.

Fingerprint readers, as Apple uses them per device backed by a strong high entropy password, are good enough for securing the average person's access to a device.

My physical security, something much more dear to me than my secrets, is protected not by keys and tumblers, but by a 1/4 inch of glass that can be cut through in seconds with $5 from the hardware store. Even the key and lock can be circumvented with a rubber mallet and a bump key, or a set of picks. So why use them? Because locks keep honest people honest, and those looking to cause you harm will cause you harm, regardless of what digital security you use.

[+] jrochkind1|11 years ago|reply
I think you take the right approach to true security risk analysis.

But there are all sorts of cases you leave out.

Someone might very well have access to your device without having access to your physical person. Because your device was lost or stolen.

Someone may very well not be willing to threaten you with physical harm, but be willing to hack your device. (Not every adversary is from a Hollywood movie either!)

Law enforcement agencies may not be legally allowed to compel you to reveal your password, but legally allowed to hack your device.

Etc.

[+] astazangasta|11 years ago|reply
Jake Appelbaum was detained routinely during border crossings in the early WikiLeaks days. They (FBI?) demanded he decrypt his hard drive for them. He refused. As far as I know they never managed to get inside. This works, at least some of the time.
[+] ggreer|11 years ago|reply
His argument proves too much. If he thinks fingerprints are too insecure to be allowed, then he must think the same of low-entropy passwords. Yet I don't see him advocating that Ubuntu force users to choose high-entropy passwords and rotate them regularly. If he's fine letting users choose a low level of security by picking simple passwords, why not also let them choose to auth with fingerprints?

Also, I think he misconstrues the purpose of Touch ID. It's not meant to completely replace passwords.

There are three categories of authentication methods:

1. Something you know (password, combination, challenge responses).

2. Something you have (crypto token, phone, key).

3. Something you are (fingerprint, face, DNA, etc).

Methods can be combined for added security. All three have advantages and disadvantages. Passwords are typically chosen by users, making them weak. Good crypto tokens are hard to copy, but loss or theft can mean getting locked-out. Biometrics are convenient, but can't be revoked. Also, some activities can make them hard to read.[1]

Apple uses all three authentication methods in the iPhone. Touch ID is for basic access. The passcode is for admin-level functionality like erasing or restoring the device. Lastly, physical access to the phone is required to decrypt important data such as Apple Pay's Device Access Numbers. This gives typical, non-technical users a sane combination of security and convenience. If thieves and scammers start copying fingerprints, Apple will change their auth mechanisms.

[1] I love Touch ID, but it takes a while to work again after I rock climb or lift weights.

[+] gldalmaso|11 years ago|reply
Not disagreeing with you, just going on a tangent and extrapolating the point from the article, the third method group, "something you are" might jump into the "something you have" if it can be extracted or copied from you which might be the case of fingerprints. You are the original source of fingerprint, but you leave copies of it everywhere, so then there are several sources to mimic from and they work just as well on these technologies.
[+] lostcolony|11 years ago|reply
I'm sure he -does- think low entropy passwords are bad. However, once compromised, those can be changed. That's the point. (Plus, passwords aren't routinely collected and shared by governmental agencies. Just throwing that out there).

As you say, with Apple's TouchID, you are actively choosing a less secure method to access your device, for convenience. But...that's also pretty close to what the author said. "Biometrics can be used as a lightweight, convenient mechanism to establish identity, but they cannot authenticate a person or a thing alone."

His point is that for things like system access to a Linux box, or to unencrypt data (eCryptfs, the software he helps maintain), biometrics is far too insecure.

[+] diminish|11 years ago|reply
> 3. Something you are (fingerprint, face, DNA, etc).

Add there your mom's maiden name, your parent's names and you get the point; in an authentication system "something you are" must be better used more as user names rather than passwords because users can't change them. Once they're public irrecoverable attacks may happen.

There are 3 categories of authentication inputs.

(1) Something users can not change

(2) Something users can change

(3) Something the service owners or system admins can change including time synchronized codes.

You better use 1 as usernames, 2 & 3 as passwords.

[+] richmarr|11 years ago|reply
> Yet I don't see him advocating that Ubuntu force users...

He doesn't have to for his point to be valid.

[+] higherpurpose|11 years ago|reply
There is indeed a high-risk way of doing fingerprint scanning - the way Estonia intends to do it for people who want to become its e-citizens. They want to collect everyone's fingerprints and store them in a centralized database. Good luck with that not being stolen. NSA will probably break into it the same week it goes online.

Having the fingerprint hashes stored in a secure enclave on everyone's devices seems like a much more secure way to deal with fingerprints. The first method is completely unacceptable. The latter is more reasonable.

[+] LanceH|11 years ago|reply
Why must high entropy passwords be rotated regularly anyway? Shouldn't they only need rotating after a certain number of incorrect logins? Shouldn't that number be decently high?
[+] CyberMonk|11 years ago|reply
I don't think many (outside of perhaps Apple PR?) have argued that fingerprint security is great, absolutely speaking. Relatively speaking, however, it is great, as many phone owners would otherwise not have any sort of locking security on their devices at all. Yes a fingerprint unlock is hackable, but it's a lot less hackable than your phone being open from the get go.
[+] Tyrannosaurs|11 years ago|reply
I think Apple are pretty aware of the limitations - they don't accept TouchID on first login after a restart, for the first purchase after a restart, if it's been 48 hours since an unlock or for resets/major config changes. For that you either need the PIN or, if you've opted for more security, the password.

Overall it feels that Apple's take is for day to day login it's better than a four digit PIN and it's better than no PIN.

[+] mrcwinn|11 years ago|reply
Everything about this article is well-intentioned — and wrong.

"much as a your email address or username identifies you, perhaps from a list."

Your email address or username may identify you, but it also may not. Your fingerprint absolutely identifies you and only you.

"For authentication, you need a password or passphrase. Something that can be independently chosen"

A password is a secret phrase. We're used to thinking about passwords in terms of strings, but anything secret that I know about would serve the definition. In fact, like a character-based string password, I can even make a copy of my fingerprint password and store it somewhere if I wanted a backup.

A fingerprint is both a username and a password. Trying to hold some analogy between Touch ID and traditional username/password combinations doesn't hold and it completely misses the point of the innovation.

That's why it's convenient, and skepticism of civil liberties aside, convenience means better security because people will use it.

[+] matt_kantor|11 years ago|reply
> Your fingerprint absolutely identifies you and only you.

The whole point of the article is that this isn't true. Fingerprints are trivial to obtain and copy with sufficient fidelity to beat modern fingerprint readers.

- http://www.ccc.de/en/updates/2013/ccc-breaks-apple-touchid

- http://www.heise.de/video/artikel/iPhone-5s-Touch-ID-hack-in...

- http://www.discovery.com/tv-shows/mythbusters/mythbusters-da...

- http://www.instructables.com/id/How-To-Fool-a-Fingerprint-Se...

[+] BoppreH|11 years ago|reply
A fingerprint is not a password because it can't be changed. If a database containing your password is leaked, you can just choose another one. What happens if a database containing your fingerprint is leaked?

And fingerprints will leak, as we are using them more and more.

[+] patsplat|11 years ago|reply
fingerprints aren't secrets. you leave a copy on everything you touch.
[+] tigereyeTO|11 years ago|reply
Dustin Kirkland gets it.

Simplifying his post, there are 3 reasons biometrics are terrible for authentication:

1. Every piece of biometric data is inherently public. (Fingerprints, facial geometry, hand geometry, even DNA)

2. Biometrics require an error threshold as our bodies are always changing (that's like typing a 20char password and having only 15 of them be correct. That's fine! Let them in anyways with 5 incorrect characters)

3. Key revocation. I can change my passwords and locks if you get a copy of my passwords or keys... but once you have a copy of a biometric identifier I cannot use that again for the rest of my life.

Well done, Dustin.

[+] GhotiFish|11 years ago|reply
I actually like 2. I wish more things used 2.

My keys are plenty strong, but when I mistype a strong key (which is plausible seeing as I can't see what I'm typing) then I'm fine with sacrificing some strength to just accept it. My key is already well beyond practical attack anyway.

That said, if you WERE to use something like 2, you'd have to be much more diligent about enforcing good passwords, also you'd have to come up with some kinda scheme that could work with "close enough" and not reveal information about the password.

[+] M4v3R|11 years ago|reply
This article is from 2013. While things didn't change a lot (this year's TouchID was broken as well IIRC, though I've heard it got a little better), it's hardly news.

Also, I don't think even Apple advertises its fingerprint scanner as a replacement of passwords. It is a replacement of 4-digit PINs, and for that it is far more secure. While members of CCC have the knowledge of lifting a print, most people do not have this knowledge or tools. And if you notice your phone is stolen, you can always log in to icloud.com (with your password, you cannot use TouchID there) and lock down/reset your phone immediately.

[+] higherpurpose|11 years ago|reply
How about the user gets the option to add NFC pairing to strengthen the security of the fingerprint. Once the user sets both up, then he won't be able to login until both are recognized for authentication. It should be hassle free if that NFC pairing comes from a smartwatch or smart-band and he just picks up the phone with that hand. The NFC authentication should happen automatically without thinking about it.

The NFC would essentially function as an OTP 2nd factor (or FIDO U2F if that's better) to the fingerprint being the "password".

[+] adamlett|11 years ago|reply
In the case of Touch ID, please consider that in order to circumvent it, you not only have to be able to fool the Touch ID sensor, you also have to have physical access to the device.
[+] Raphmedia|11 years ago|reply
Depends. If you use Touch ID on an app, you could use your own iphone and fool its scanner.
[+] IanCal|11 years ago|reply
As with many things, it depends heavily on what you're using it for. Not as pithy for a title though, I suppose.

No amount of information entered into a computer fully proves it's you and not someone else. A fingerprint provides some information, as does a password.

This sounds like a fairly useless distinction, but hopefully this will make sense:

If all we're doing is trying to prove we're us and not someone else, why do we need a username at all? What added bonus is gained from having a completely public bit of information?

Well that's because:

1. People are bad at picking passwords, if everyone picked a 2000 character random password and kept it secret we'd not really need anything extra

2. You can't inform people if they've picked the same authentication as someone else, so you prefix it with a per-user unique value which you let people know will be public

I don't really see fingerprints as a username or a password. They're just another hint to the system that it's probably you, and you can use any combination of those three depending on what you actually care about.

For example:

I don't have a username on my phone to unlock it, just a password.

I have a username and password for HN.

I have a username, password and physical auth device for work-related logins.

The latter two are fairly obvious as differences in how important it is that I'm verified to be me, the former is because I mostly want my phone to distinguish between me and my pocket.

> But biometrics cannot, and absolutely must not, be used to authenticate an identity.

This is incredibly context dependent.

My pithy one liner:

All absolute statements are flawed.

[+] dlwj|11 years ago|reply
I agree with the below comments. These types of papers are always emphasizing rigor over actual experience.

Many types of "100%" security fail because of this disconnect. Forced rotating passwords or long ones with required symbols and number? Most people choose to have easy to remember ones (e.g. pass1, pass2, pass3,) Or it's so difficult to memorize that they'll write it down somewhere nearby.

The points are important, but they're directed at consumer products. I wonder how the same person would look at bike-locks...which even with the most expensive locks are only a deterrent given the right tools.

[+] specialp|11 years ago|reply
Fingerprints are not bad for local authentication. For instance if phones become more used for payment I would expect my phone to contain a secret key for payment that is unlocked easily which a fingerprint could do. So in order to compromise this they would need to get both my private key and my fingerprint. If my private key were compromised, I could then get another key. The article is right though that fingerprints should not be used as the sole means of auth though for the sheer reason that it cannot be changed.
[+] mikeash|11 years ago|reply
Fingerprints aren't passwords. They also aren't usernames. They're fingerprints, and they have different characteristics from both usernames and passwords.

Rather than try to shoehorn fingerprints into our existing terminology, let's look at what fingerprints can do and what implications they provide, and then use them accordingly. The article sadly fails to do this.

[+] dschiptsov|11 years ago|reply
Just no. Since old times fingerprints were used as a unique signature, not a unique id.

Unique id could be something as silly as

  sha256(concatenate(full-name,date-of-birth,place-of-birth))
or just any unique number, like cell phone number.

Again, a fingerprint or an image of a retina is a signature or password not an id or username.

[+] phantom784|11 years ago|reply
Can a fingerprint even be used as an encryption key? I'd imagine that the reader doesn't generate the exact same data on every scan, and to get a "yes/no" requires seeing if the scanned print is within a certain margin-of-error of a stored print.
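
Added example, not part of the comment above: a toy fuzzy commitment (a textbook construction built on an error-correcting code, here a 5x repetition code) that binds a key to a noisy bit-string template, which is one answer to the question and to the key-binding idea linked earlier in the thread. It is not how Touch ID or the linked work operates; the templates are constructed random bits rather than real fingerprint features, all names are assumptions, and a repetition code is far too weak for real use.

```python
import hashlib
import hmac
import random

REP = 5          # repetition factor: each key bit is stored REP times
KEY_BITS = 32    # toy key length; the template is KEY_BITS * REP bits


def encode(key_bits):
    """Repetition code: 1 -> 11111, 0 -> 00000."""
    return [b for b in key_bits for _ in range(REP)]


def decode(code_bits):
    """Majority vote per group; corrects up to REP // 2 flipped bits per group."""
    groups = (code_bits[i:i + REP] for i in range(0, len(code_bits), REP))
    return [1 if sum(g) > REP // 2 else 0 for g in groups]


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def digest(bits):
    return hashlib.sha256(bytes(bits)).hexdigest()


def enroll(template, key_bits):
    """Keep helper data and a hash of the key; the key and template are not stored."""
    return {"helper": xor(encode(key_bits), template), "check": digest(key_bits)}


def unlock(record, scan):
    """Return the bound key if the scan is close enough to the enrolled template."""
    # helper XOR scan = codeword XOR (template XOR scan), i.e. codeword plus noise.
    candidate = decode(xor(record["helper"], scan))
    ok = hmac.compare_digest(digest(candidate), record["check"])
    return candidate if ok else None


def flip(bits, positions):
    """Simulate sensor noise by inverting the bits at the given positions."""
    return [b ^ 1 if i in positions else b for i, b in enumerate(bits)]


def demo():
    rng = random.Random(2013)  # fixed seed so the constructed data is repeatable
    template = [rng.randint(0, 1) for _ in range(KEY_BITS * REP)]
    key = [rng.randint(0, 1) for _ in range(KEY_BITS)]
    record = enroll(template, key)
    rescan = flip(template, {0, 1, 7, 23, 24, 158})   # at most 2 errors per group
    bad_scan = flip(template, {0, 1, 2})              # 3 errors in one group
    return {
        # Hashing a scan directly fails: any bit of noise changes the hash.
        "exact_hash_matches": digest(rescan) == digest(template),
        "rescan_recovers_key": unlock(record, rescan) == key,
        "bad_scan_rejected": unlock(record, bad_scan) is None,
    }


if __name__ == "__main__":
    print(demo())
```
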
[+] linuxhansl|11 years ago|reply
Typically security involves three things:

* Something you have (like an access card or badge)

* Something you know (like a password)

* Something you are (like a fingerprint, iris scan, or simply a photo)

Fingerprints are a bit weird as you do in fact leave them around everywhere. Like iris scans I would qualify them as better photographs.

[+] 4684499|11 years ago|reply
Passwords are not passwords, they are usernames. It's a part from the combination to identify you, while unlike usernames, it's hidden by design. Fingerprints are like passwords, they can't be easily copied and be reused somewhere else, for now.
[+] noko|11 years ago|reply
I came to say essentially the same thing, but not quite. Fingerprints are not like passwords. You can't reset them or change them.

Something you know: Username/password

Something you have: security key/phone

Something you are: fingerprint/facial recognition

Those are three factors of authentication. Can anyone think of others?

[+] clubhi|11 years ago|reply
I think fingerprint should still require a password after a duration. I'd be fine with using my fingerprint to login if I have recently logged in in the last few hours.
[+] unknownBits|11 years ago|reply
Good post, this is so true. Fingerprints should only be used as id, if at all. Like 'icebraining' said: Passwords can be compromised and must be changeable.
[+] ccozan|11 years ago|reply
Why not both?

First, a fingerprint is unique, also serves as _identification_.

Secondly, a fingerprint is secure to a very high degree - cannot be easily stolen and duplicated, always is with you and so on. Thus, it serves as _authentication_ too.

EDIT: to the downvoters and critics: what you describe is using an _excess_ of effort to get my fingerprint ( technically, using force, etc ) . If I see a password, I can use it immediately, if you see my finger, there is a long way ( in terms of steps) until you can use the fingerprint attached to it. And btw, I am not defending Apple here.

[+] wnkrshm|11 years ago|reply
Fingerprints can easily be acquired, if that weren't the case they wouldn't be extensively used in crime scene investigation. When fingerprints were supposed to be used as authentication, together with an ID card, in Germany, the German Chaos Computer Club acquired the fingerprint of the minister of the interior from a used glass and spoofed a reader with it by transferring the print to some adhesive tape.
[+] raesene4|11 years ago|reply
you might want to review some of the literature around bypassing fingerprint readers before making that kind of statement... A large number of readers are easily fooled by copied prints. Also there's the False acceptance/false rejection rate tradeoff to consider.

One of the major issues with biometrics is revocation. If compromised it can be difficult to change!

[+] 4ad|11 years ago|reply
A fingerprint is trivially stolen and duplicated, and once they have physical access to you it's trivial to coerce you to use it too.
[+] noko|11 years ago|reply
lol. This is not Hollywood. A phone thief isn't going to be using tape and superglue to find your fingerprint. Do you really want to encourage someone to remove your index finger when they mug you for your phone?