• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Goodbye usernames and passwords.

I knew the ICS face unlock thing was not secure...or reliable for that matter (lighting screws with it) but what about things like fingerprint scanners seems like those would be more difficult to get around.
 
If you can get anywhere near where someone lives, works or goes to school, you can lift a print. If you can lift a print, you can reproduce it with a little money and a moderate amount of time. I think Mythbusters did this, although I haven't seen that episode so I'm not sure if they used the method I'm thinking of.
 
Okay but it is still more secure than the face unlock thing lol :) My laptop has a fingerprint scanner for unlocking which is why I asked.
 
No we weren't talking about that at all Zuben :p but that would be an awesome advancement. I would be willing to be that none of us type alike! Nice article :D
 
I think other methods like biometrics were intended to be an additional factor, not replace passwords, they all just seem to be (badly) implemented now as replacements for passwords.
 
I think biometrics still freaks people out for whatever reason. I'm not sure why, but a lot of people get freaked at the idea of putting their fingerprint somewhere. I remember there being a big kerfuffle a few years ago when some banks started requiring a thumb print on checks. People thought it was a huge privacy invasion. Their signature (easily forged) was ok, but a finger print (virtually impossible to forge when the clerk is staring at you watching you do it) was unacceptable.

I've got a client who is looking at installing a new time clock. Their current clock just requires a PIN code. Problem is employees will run late, call their friend and have their friend punch in for them. I suggested a biometrics solution and they've got them out there that read palms, eyeballs and fingers. Many of them have options that allow them to be paired with a PIN, swipe card, etc... for two factor authentication. They discussed it internally and determined they weren't comfortable and their employees weren't comfortable with using any biometrics. So they went with an option that requires a swipe card only. Now they're having the same problem as earlier where employees leave their card at the office so their friends can swipe it for them or they take their card home with them and lose it somewhere. Biometrics would solve all of this, but most people aren't comfortable with it for whatever reason.
 
This is the big issue with Biometrics. I go to a bank they gather all required info needed for my identity needs. There computer stores the finger print as an image file. Bank a year later updates equipment and auction of old equipment buyer uses forensic software to retrieve old information. Gets our prints decides to sell to identitys to highest bidder. We all know you can replace bank with any other institution or devices. Electronic information is not erased only written over. This leaves us even more vulnerable. Besides what happens when an accident happens that deforms your finger/ face and it no longer recognize you as you?
 
argedion said:
This is the big issue with Biometrics. I go to a bank they gather all required info needed for my identity needs. There computer stores the finger print as an image file. Bank a year later updates equipment and auction of old equipment buyer uses forensic software to retrieve old information. Gets our prints decides to sell to identitys to highest bidder. We all know you can replace bank with any other institution or devices. Electronic information is not erased only written over. This leaves us even more vulnerable. Besides what happens when an accident happens that deforms your finger/ face and it no longer recognize you as you?
Click to expand...

If that happens you simply re-register your print. But then social engineering comes in. I forge an ID, a birth certificate and go to the bank and claim I'm you. Then I register my fingerprints as yours. Of course you could theoretically go back and find out who those fingerprints really belong to once you find out there's fraud. I'd be screwed. I'm in the system.
 
A.Nonymous said:
If that happens you simply re-register your print. But then social engineering comes in. I forge an ID, a birth certificate and go to the bank and claim I'm you. Then I register my fingerprints as yours. Of course you could theoretically go back and find out who those fingerprints really belong to once you find out there's fraud. I'd be screwed. I'm in the system.
Click to expand...

yeah but its the whole inconvenience of the thing really. Ofcourse The burden of proof is on me and if I'm in a chemical accident that burns skin off my fingers or damages my retina then I have to prove who I say I am and if you have already hacked my identity then I will have an even tougher time proving it. You could also wear liquid skin on your hand with someone else's fingerprints all together and How do contacts affect an optical reader? could I get a pair of contacts made that resemble your eyes perfectly and fool the optic reader? I'm not very fluent with all the biotec stuff but I know that the cons would outweight the pro's for the time being. Also with our biometrics the Government would be able to keep even better tabs on us or could completely wipe us out if we were an enemy of the Government or even a proactive citizen trying to enforce their rights. And no I put nothing past the Government at all.

Anyways I'm just putting stuff out there for people to think about. Fingerprints are easy to get we all leave them behind Optical if I have a good picture of you that would work (I don't believe we have 3d scanning technology just yet however I could be very wrong there as I said I don't keep up with Biometrics) Personally I don't think we have secure enough systems for storing such personal credentials anyways.
 
Not for me. And as was already mentioned, this isn't quite *new*. Maybe new to them, but not for us.

And who was it, SU that said I want things as disjointed as possible. Thank you. That's what I do. I've got different passwords for nearly everything (as password re-use is more an issue IMO)... hell, I even switch up usernames from time to time. I probably won't be 9to5cynic on the next site I sign up for.... ;) But don't worry, I'll still have an MS paint avatar.
;D
 
argedion said:
yeah but its the whole inconvenience of the thing really. Ofcourse The burden of proof is on me and if I'm in a chemical accident that burns skin off my fingers or damages my retina then I have to prove who I say I am and if you have already hacked my identity then I will have an even tougher time proving it. You could also wear liquid skin on your hand with someone else's fingerprints all together and How do contacts affect an optical reader? could I get a pair of contacts made that resemble your eyes perfectly and fool the optic reader? I'm not very fluent with all the biotec stuff but I know that the cons would outweight the pro's for the time being. Also with our biometrics the Government would be able to keep even better tabs on us or could completely wipe us out if we were an enemy of the Government or even a proactive citizen trying to enforce their rights. And no I put nothing past the Government at all.

Anyways I'm just putting stuff out there for people to think about. Fingerprints are easy to get we all leave them behind Optical if I have a good picture of you that would work (I don't believe we have 3d scanning technology just yet however I could be very wrong there as I said I don't keep up with Biometrics) Personally I don't think we have secure enough systems for storing such personal credentials anyways.
Click to expand...

Fingerprints are extremely easy to get. I have no idea how hard it is to foil a fingerprint scanner though. I've never tried it.
 
A.Nonymous said:
Fingerprints are extremely easy to get. I have no idea how hard it is to foil a fingerprint scanner though. I've never tried it.
Click to expand...

Too easy. I've worked with commercial/industrial ones in the past. And I'm talking about real fingers, not even copies of fingerprints.
 
They did biometrics on Mythbusters once, and they said its harder to fool the cheap ones than the more expensive ones. Of course, that could have just been errors or something. One test is hardly enough to be classified as 'proof'.
 
You must log in or register to reply here.
Back
Top Bottom