DailyDirt: Passwords? We Don't Need No Stinkin' Passwords

from the urls-we-dig-up dept

Fingerprint-based biometric security systems are everywhere now, but there are some well-known problems with using your fingerprints instead of a password. First off, you unconsciously leave copies of your fingerprints just about everywhere you go. Still, fingerprint sensors seem to be getting better and better. I'll stick to my 4-digit PIN for now, though, thanks, but if you like using your finger for your digital locks, check out these links.

Filed Under: biometrics, fingerprint, fingerprints, identification, passwords, pin, security, sensors
Companies: qualcomm, vkansee


Reader Comments

  • Anonymous Coward, 12 Mar 2015 @ 5:07pm

    Biometrics = Terrible Security

    Let that sink in.

    It is just so much easier to steal your biological information. Especially if you are the government since they practically require you to give it up to easily identify you if they need to connect you to a crime.

    Technology is getting so damn good that just about any biometric data can be stolen from you without you even knowing it.

    Go and look at why the President can't even take a single shit in peace...

  • Bri, 12 Mar 2015 @ 5:25pm

    My doctor's office now does hand scans, where it looks at your veins to match you to your records. It's pretty nifty. Also makes me wonder how hard it would be to trick the system.

  • Anonymous Coward, 12 Mar 2015 @ 5:42pm

    Although fingerprint identification technology had been perfected a long time ago, and is still in widespread use by the US Border Patrol, FBI, and domestic law enforcement agencies, the US military seems to prefer retina scans and DNA tests -- or at least that's what conquered populations are forced to endure.

    http://www.dailykos.com/story/2004/12/05/77917/-The-Fallujah-Police-State-retinal-scans-and-a-DNA-database

    • art guerrilla, 12 Mar 2015 @ 7:13pm

      Re:

      evidently 'perfected' before gummy bears...
      hhh

    • John Fenderson, 13 Mar 2015 @ 8:08am

      Re:

      "Although fingerprint identification technology had been perfected a long time ago"

      The "perfected" method of fingerprint identification isn't how it's actually done, either by people or computer. What's actually done is not comparing fingerprints, but comparing a small sample of features in each print. Under the best of circumstances, this reduces the accuracy by a huge margin.

      "US military seems to prefer retina scans and DNA tests"

      Probably because fingerprints are easy to copy and forge. Retinal patterns and DNA tests are more difficult.

  • JustShutUpAndObey, 12 Mar 2015 @ 5:56pm

    Are fingerprints really unique?

    That is certainly the myth, but as someone who did fingerprint security systems for the FBI, I've yet to find any scientific proof that they are unique.

    To prove it, you would have to compare all fingerprints with all other fingerprints and come up with no duplicates. Even that wouldn't be enough: you'd need to compare all fingerprints in history, past and future.

    • madasahatter, 12 Mar 2015 @ 6:09pm

      Re: Are fingerprints really unique?

      The best data on this used identical twins and found each had different fingerprints. Also, there has been no documented case of misidentification due to two people having identical fingerprints.

      The problem with biometric systems is that once compromised there is ability to reset the fingerprint. With a password based system, users can change their passwords if needed.

    • KRA, 12 Mar 2015 @ 7:59pm

      Re: Are fingerprints really unique?

      It has been a long time since I took stats, but you don't have to test an entire population to get valid and reliable data. The idea is to take a random sample and then apply your findings to the population--the particular type of analysis tells you what your sample size needs to be.

      The issue with fingerprint identification is the lack of consistency in matching and the lack of any scientific basis for calling something a match. This tidbit from a Popular Mechanics article has haunted me since I first read it:

      A 2006 study by the University of Southampton in England asked six veteran fingerprint examiners to study prints taken from actual criminal cases. The experts were not told that they had previously examined the same prints. The researchers' goal was to determine if contextual information—for example, some prints included a notation that the suspect had already confessed—would affect the results. But the experiment revealed a far more serious problem: The analyses of fingerprint examiners were often inconsistent regardless of context. Only two of the six experts reached the same conclusions on second examination as they had on the first.


      Our method of taking prints and evaluating them sucks, even if we assume they are all unique. Interestingly, I trust tech companies to improve fingerprint technology more than I trust law enforcement to. Tech companies have a motive to get it right and law enforcement has a motive to keep it fuzzy.

      • orbitalinsertion, 12 Mar 2015 @ 11:42pm

        Re: Re: Are fingerprints really unique?

        Fingerprint examination is the problem there, yes. No one matches whole prints on a regular basis, even when they have 2 whole prints to compare. Machines don't, either. But one could hope for tech companies getting it better if they are going to follow this rather stupid route for security.

    • John Fenderson, 13 Mar 2015 @ 8:15am

      Re: Are fingerprints really unique?

      The exact pattern of your fingerprints is not coded for by your DNA, so there's a very large arbitrary and/or random component to them. It's a bit like assigning a random number to every human. There's no guarantee that each will be unique, but the odds of two being identical are very, very tiny.

      "To prove it, you would have to compare all fingerprints with all other fingerprints and come up with no duplicates"

      No, there's no need to go that far to prove it. And this issue about fingerprints has been very well studied. The usual figure cited for the odds that two people have the same fingerprint (for a single finger) is 1 in 64 million.

      However, the fact that fingerprint matching is not done by comparing entire fingerprints means that the odds of two people having their fingerprints judged as the same are around 1 in 50,000 (depending on the exact method being used).

  • Anonymous Coward, 12 Mar 2015 @ 7:50pm

    Fingerprints and DNA...

    ... can both be stored, copied and faked and neither one can be revoked.

  • tracyanne, 12 Mar 2015 @ 7:57pm

    I'll stick to my 4-digit PIN for now

    I'll stick to my 12 digit pin, 4 digit pins are so 90s

  • fairuse, 12 Mar 2015 @ 8:06pm

    This Happened, in another universe, DNA ID [video]

    ACT I.
    We are pretty good at making Science Fiction into Science.

    ACT II.
    People don't care how a thing does magic as long as it doesn't interfere with their goal - open car door, start car, tell the residence to go lock down, buy food.

    ACT III
    The leader of the [ ] makes 1 system and declares it mandatory. This system spans networks all cities and is the only way to do any task; even buy coffee.

    METHOD: place finger on device. The device compares DNA sample to data on file. You are a match = 1? Good. There is no invalid compare = 0. Mismatch = Infinity? Infinity means you are a clone or worse; from the future.

    This brings us to a VFX short film because the film has every horror you can relate to. Count the topics: hint we are trying to find the 1 solution now. It is fun to see all the security vs safety, commerce tracking, locks and passwords are DNA ID and the police have 100% of the data, the access, you are instantly guilty, go to jail, do not collect (..)

    -- The director's youtube accnt
    PLURALITY

    -- If the site boss wants embed ...
    TANSTAAFL

  • dddimwrong, 12 Mar 2015 @ 9:24pm

    Our Company has been using Finger Vein readers

    We have been using finger vein pattern readers for 3 years now and we are quite satisfied. We've had no false positives or incorrect rejections. As a biometric it would be very hard to duplicate the veins with a warm liquid coursing through them. You'd have to have one very expensive piece of equipment to duplicate someone's pattern of veins in the last half an inch of a digit. The user has to enter their user-id and then the pattern has to match and only a live finger tip will work. The user can change their user-id at any time and can change which finger they are using and each finger is in fact different. The great thing is that your finger vein pattern has absolutely no law enforcement value as no one has ever left their finger vein pattern at any crime scene.

    • Anonymous Coward, 14 Mar 2015 @ 7:43am

      Re: Our Company has been using Finger Vein readers

      "The user has to enter their user-id and then the pattern has to match and only a live finger tip will work."

      Huh? Why do they have to enter a user-id? Sounds to me like it might not be quite so accurate after all if it can't identify them from their vein pattern.

  • Anonymous Coward, 12 Mar 2015 @ 10:12pm

    Fifth Amendment concern

    Biometric fingerprints aren't protected by the Fifth Amendment, because these aren't stored in your mind.

    You can therefore be compelled to provide your fingerprint, and can't refuse on Fifth Amendment grounds.

    A password on the other hand is stored in your mind, and unless you are stupid and admit you know it, its production can't be compelled.

    • Anonymous Coward, 13 Mar 2015 @ 8:56am

      Re: Fifth Amendment concern

      Yes, a password can be compelled.

      You can be held in jail until you give it up.

      • Anonymous Coward, 14 Mar 2015 @ 7:46am

        Re: Re: Fifth Amendment concern

        "You can be held in jail until you give it up."

        Citation, please.

  • Anonymous Coward, 13 Mar 2015 @ 1:10am

    You can't change your fingerprints so once someone has your fingerprint you are pretty screwed. The same goes for all biometric data.

    Even if you build a device that could not be tricked directly there are always other ways to get around that so having a single unchangeable identity or password is just bad business.

  • Ninja, 13 Mar 2015 @ 7:11am

    I think biometrics can be PART of the key to get into some system. But in the end it should be a mix of things so if you don't have a portion of it then you can't go in.

    I'd love to have a combination of password, biometrics, code generators (such as google auth), thumb keys and others. Your choice depending on how much that specific access matters.

    • John Fenderson, 13 Mar 2015 @ 8:21am

      Re:

      Yes, from a security point of view, relying solely on fingerprints is foolish in the extreme. Of course, it's foolish in the extreme to rely on any single method of authentication anyway -- but if you're only going to use one, it shouldn't be fingerprints. Of all the authentication schemes out there, if you're going with single-factor authentication then strong passwords are still the best bet. By a lot.

      • Anonymous Coward, 14 Mar 2015 @ 7:45am

        Re: Re:

        "strong passwords are still the best"

        Define "strong passwords".

        • John Fenderson, 16 Mar 2015 @ 8:57am

          Re: Re: Re:

          "Strong" is a bit of a subjective term, but personally I consider the minimum form that qualifies is one that is at least 8 characters long and consists of a random string of characters that include punctuation and a mix of cases.

          Also, to count as "strong", it must only be used to access a single thing (no password duplication) and should be changed regularly. Personally, I go with every 60 days. Expired passwords get discarded, not reused.

          • Anonymous Coward, 17 Mar 2015 @ 8:27pm

            Re: Re: Re: Re:

            "... consists of a random string of characters that include punctuation and a mix of cases."

            As soon as you start making rules or patterns that it must follow, it's no longer random.
