DailyDirt: Passwords? We Don't Need No Stinkin' Passwords
from the urls-we-dig-up dept
Fingerprint-based biometric security systems are everywhere now, but there are some well-known problems with using your fingerprints instead of a password. First off, you unconsciously leave copies of your fingerprints just about everywhere you go. Still, fingerprint sensors seem to be getting better and better. I'll stick to my 4-digit PIN for now, though, thanks, but if you like using your finger for your digital locks, check out these links.- Qualcomm has an ultrasonic fingerprint sensor that captures three dimensional characteristics of a user's fingerprint by penetrating the outer layers of skin with sound. This sensor can more accurately detect fingerprint features when fingers are wet or slathered in hand lotion, but it might not be able to identify you correctly if you get a papercut or cracked, dry skin? [url]
- Vkansee has a high-resolution optical fingerprint sensor that claims to be able to detect the sweat pores of your fingertip. This sensor isn't available on any commercial smartphones, but presumably better biometric sensors are going to be embedded in more and more devices. Yay? [url]
- There are plenty of concerns about how accurate fingerprint identifications systems are -- with issues such as false positives and false rejection rates. One of the key aspects, though, is that fingerprints are not secret and not revocable. Some systems try to detect "liveness" to make sure a fingerprint is attached to a (hopefully healthy and not under duress) living person, and there are a few other approaches to guard against spoofing, but fingerprints aren't a perfect biometric. (And no perfect biometric system exists....) [url]
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: biometrics, fingerprint, fingerprints, identification, passwords, pin, security, sensors
Companies: qualcomm, vkansee
Reader Comments
The First Word
“This Happened, in another universe, DNA ID [video]
ACT I.We are pretty good at making Science Fiction into Science.
ACT II.
People don't care how a thing does magic as long as it doesn't interfere with their goal - open car door, start car, tell the residence to go lock down, buy food.
ACT III
The leader of the [ ] makes 1 system and declares it mandatory. This system spans networks all cities and is the only way to do any task; even buy coffee.
METHOD: place finger on device. The device compares DNA sample to data on file. You are a match = 1? Good. There is no invalid compare = 0. Mismatch = Infinity? Infinity means you are a clone or worse; from the future.
This brings us to a VFX short film because the film has every horror you can relate to. Count the topics: hint we are trying to find the 1 solution now. It is fun to see all the security vs safety, commerce tracking, locks and passwords are DNA ID and the police have 100% of the data, the access, you are instantly guilty, go to jail, do not collect (..)
-- The director's youtube accnt
PLURALITY
-- If the site boss wants embed ...
TANSTAAFL
Subscribe: RSS
View by: Time | Thread
Biometrics = Terrible Security
It is just so much easier to steal your biological information. Especially if you are the government since the practically require you to give it up to easily identify you if they need to connect you to a crime.
Technology is getting so damn good that just about biometric data can be stolen from you without you even knowing it.
Go and look at why the President can't even take a single shit in peace...
[ link to this | view in thread ]
[ link to this | view in thread ]
http://www.dailykos.com/story/2004/12/05/77917/-The-Fallujah-Police-State-retinal-scans-and-a -DNA-database
[ link to this | view in thread ]
Are fingerprints really unique?
To prove it, you would have to compare all fingerprints with all other fingerprints and come up with no duplicates. Even that wouldn't be enough: you'd need to compare all fingerprints in history, past and future.
[ link to this | view in thread ]
Re: Are fingerprints really unique?
The problem with biometric systems is that once compromised there is ability to reset the fingerprint. With a password based system, users can change their passwords if needed.
[ link to this | view in thread ]
Re:
hhh
[ link to this | view in thread ]
Fingerprints and DNA...
[ link to this | view in thread ]
I'll stick to my 4-digit PIN for now
[ link to this | view in thread ]
Re: Are fingerprints really unique?
The issue with fingerprint identification is the lack of consistency in matching and the lack of any scientific basis for calling something a match. This tidbit from a Popular Mechanics article has haunted me since I first read it:
Our method of taking prints and evaluating them sucks, even if we assume they are all unique. Interestingly, I trust tech companies to improve fingerprint technology more than I trust law enforcement to. Tech companies have a motive to get it right and law enforcement has a motive to keep it fuzzy.
[ link to this | view in thread ]
This Happened, in another universe, DNA ID [video]
We are pretty good at making Science Fiction into Science.
ACT II.
People don't care how a thing does magic as long as it doesn't interfere with their goal - open car door, start car, tell the residence to go lock down, buy food.
ACT III
The leader of the [ ] makes 1 system and declares it mandatory. This system spans networks all cities and is the only way to do any task; even buy coffee.
METHOD: place finger on device. The device compares DNA sample to data on file. You are a match = 1? Good. There is no invalid compare = 0. Mismatch = Infinity? Infinity means you are a clone or worse; from the future.
This brings us to a VFX short film because the film has every horror you can relate to. Count the topics: hint we are trying to find the 1 solution now. It is fun to see all the security vs safety, commerce tracking, locks and passwords are DNA ID and the police have 100% of the data, the access, you are instantly guilty, go to jail, do not collect (..)
-- The director's youtube accnt
PLURALITY
-- If the site boss wants embed ...
TANSTAAFL
[ link to this | view in thread ]
Our Company has been using Finger Vein readers
[ link to this | view in thread ]
Fifth Amendment concern
You can therefore be compelled to provide your fingerprint, and can't refuse on Fifth Amendment grounds.
A password on the other hand is stored in your mind, and unless you are stupid and admit you know it, its production can't be compelled.
[ link to this | view in thread ]
Re: Re: Are fingerprints really unique?
[ link to this | view in thread ]
Even if you build a device that could not be tricked directly there are always other ways to get around that so having a single unchangeable identity or password is just bad business.
[ link to this | view in thread ]
I'd love to have a combination of password, biometrics, code generators (such as google auth), thumb keys and others. Your choice depending on how much that specific access matters.
[ link to this | view in thread ]
Re:
The "perfected" method of fingerprint identification isn't how it's actually done, either by people or computer. What's actually done is not comparing fingerprints, but comparing a small sample of features in each print. Under the best of circumstances, this reduces the accuracy by a huge margin.
"US military seems to prefer retina scans and DNA tests"
Probably because fingerprints are easy to copy and forge. Retinal patterns and DNA tests are more difficult.
[ link to this | view in thread ]
Re: Are fingerprints really unique?
"To prove it, you would have to compare all fingerprints with all other fingerprints and come up with no duplicates"
No, there's no need to go that far to prove it. And this issue about fingerprints has been very well studied. The usual figure cited for the odds that two people have the same fingerprint (for a single finger) is 1 in 64 million.
However, due to the fact that fingerprint matching is not done by comparing entire fingerprints means that the odds of two people having their fingerprints being judged as the same are around 1 in 50,000 (depending on the exact method being used).
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Fifth Amendment concern
You can be held in jail until you give it up.
[ link to this | view in thread ]
Re: Our Company has been using Finger Vein readers
Huh? Why do they have to enter a user-id? Sounds to me like it might not be quite so accurate after all if it can't identify them from their vein pattern.
[ link to this | view in thread ]
Re: Re:
Define "strong passwords".
[ link to this | view in thread ]
Re: Re: Fifth Amendment concern
Citation, please.
[ link to this | view in thread ]
Re: Re: Re:
Also, to count as "strong", it must only be used to access a single thing (no password duplication) and should be changed regularly. Personally, I go with every 60 days. Expired passwords get discarded, not reused.
[ link to this | view in thread ]
Re: Re: Re: Re:
As soon as you start making rules or patterns that it must follow, it's no longer random.
[ link to this | view in thread ]
The Last Word
“Fifth Amendment concern
Biometric fingerprints aren't protected by the Fifth Amendment, because these aren't stored in your mind.You can therefore be compelled to provide your fingerprint, and can't refuse on Fifth Amendment grounds.
A password on the other hand is stored in your mind, and unless you are stupid and admit you know it, its production can't be compelled.