
Thoughts on bio-metric for password and payments?


jaime_lion


There are pros and cons, same as everything. One thing to consider is the moral aspect. For example, what if a retina scan detected signs of disease? Should the company check for things like that and warn people, or is that a breach of privacy?

Also, what if the data is compromised? You can change a password or token easily enough, but you can't change your fingerprint.


1 hour ago, Dec100 said:

There are pros and cons, same as everything. One thing to consider is the moral aspect. For example, what if a retina scan detected signs of disease? Should the company check for things like that and warn people, or is that a breach of privacy?

Also, what if the data is compromised? You can change a password or token easily enough, but you can't change your fingerprint.

In the system I used, the bio-metric data was not stored on servers or such. It would read your fingerprint and send the information to the servers and get the code assigned to it. If the servers were hacked, the codes could not be turned into fingerprints or anything useful.

54 minutes ago, Sebkinne said:

In my opinion Biometrics should not be used for authentication, but for identification. They are a username, not a password. Fingerprint + pin / password? Absolutely.

Will just say I have never forgotten my fingerprint at home or had a case of stupid and misspelled it or lost it. Also this is a big reason you guys get paid the big bucks to make sure to secure against the "bad guys".

 

I practice martial arts, and one of the big reasons I liked the fingerprint payment system I used was because no one could get my wallet from me. Also, the system was not set up so you could get money from it.


9 hours ago, jaime_lion said:

Will just say I have never forgotten my fingerprint at home or had a case of stupid and misspelled it or lost it. Also this is a big reason you guys get paid the big bucks to make sure to secure against the "bad guys".

This is true, which is why it is arguably a good username. The big drawback is that if someone DOES get ahold of your fingerprint, palm print, retinal data, etc., it is practically impossible to replace or reset them. You don't all of a sudden grow a new hand just because the other was compromised. This is why this data should only be used as a sort of "username".

 

9 hours ago, jaime_lion said:

I practice martial arts, and one of the big reasons I liked the fingerprint payment system I used was because no one could get my wallet from me. Also, the system was not set up so you could get money from it.

Lifting prints can be surprisingly easy if you aren't super careful. Having seen the work of a few teams on defeating biometric security, it's doubtful that they'll fight you for the information.


There are some pretty interesting ways to get fingerprints. ;-) Trust me.

In short, fingerprints SHOULDN'T BE PASSWORDS! If anything, they should be equated to a user ID.

What happens when you're in a breach dump? Change your password. How do you change a fingerprint, besides what was done in the movie M.I.B.?
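The "user ID, not password" point made in this thread, as an added example that is not part of any post: the fingerprint-derived code only selects the account, a PIN is the secret, and only the PIN can be rotated after a leak. The `Accounts` class, the `FP-7f3a91` code, the PINs and the PBKDF2 work factor are constructed for illustration.

```python
import hashlib
import hmac
import secrets

ROUNDS = 200_000  # assumed PBKDF2 work factor for this sketch


def _stretch(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ROUNDS)


class Accounts:
    """Hypothetical store keyed by the code the reader derives from a fingerprint."""

    def __init__(self):
        self._by_code = {}

    def set_pin(self, finger_code: str, pin: str) -> None:
        # Enrolment and reset are the same operation: fresh salt, fresh hash.
        salt = secrets.token_bytes(16)
        self._by_code[finger_code] = (salt, _stretch(pin, salt))

    def login(self, finger_code: str, pin: str) -> bool:
        # Unknown codes are checked against a dummy record so timing stays similar.
        salt, expected = self._by_code.get(finger_code, (b"\0" * 16, b"\0" * 32))
        return hmac.compare_digest(expected, _stretch(pin, salt))


def breach_drill() -> dict:
    """Walk through a leak of both values and the recovery that follows."""
    store = Accounts()
    code, old_pin, new_pin = "FP-7f3a91", "4821", "905317"  # constructed values
    store.set_pin(code, old_pin)
    results = {"before_leak": store.login(code, old_pin)}
    # Holding only the fingerprint-derived code is not enough: the PIN is the secret.
    results["code_only"] = store.login(code, "")
    # After both values leak, the PIN is rotated; the code cannot be and stays as is.
    store.set_pin(code, new_pin)
    results["old_pin_after_reset"] = store.login(code, old_pin)
    results["new_pin_after_reset"] = store.login(code, new_pin)
    return results
```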

 


I totally agree that bio-metrics should be for identification only, but, unfortunately, that's not what businesses want to hear when they raise it. They want to replace passwords.

Incidentally, I recently saw a presentation from a company that is looking to replace passwords with a "profile" of user traits built up by many different aspects. For example, your phone's ID, fingerprint, how you swipe, how you hold it, where you are in the world, what time it is, etc, etc. The idea is that it takes all this input to give you a risk score, and if you don't make the set grade, you are prompted for a password or directed to call support (or whatever you choose based on the data you are protecting). It looked interesting, though we only saw controlled demos.
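The risk-score flow described in the post above, as an added example that is not part of the post or the vendor's product: several signals are combined into one score, and a score below the set grade triggers a password prompt or a call to support. The signal names, weights and thresholds are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed weights and thresholds, constructed for this sketch.
WEIGHTS = {
    "known_device": 30,
    "fingerprint_match": 25,
    "usual_location": 20,
    "swipe_similarity": 15,
    "usual_hours": 10,
}
ALLOW_AT = 80      # at or above: sign in without further prompts
PASSWORD_AT = 50   # at or above: step up to a password; below: call support


@dataclass
class Signals:
    known_device: bool
    fingerprint_match: bool
    usual_location: bool
    swipe_similarity: float  # 0.0-1.0 from a behavioural model
    usual_hours: bool


def trust_score(s: Signals) -> float:
    """Weighted sum of the signals; every signal is clamped to the range 0..1."""
    total = 0.0
    for name, weight in WEIGHTS.items():
        value = float(getattr(s, name))
        total += weight * min(max(value, 0.0), 1.0)
    return total


def decide(s: Signals) -> str:
    score = trust_score(s)
    if score >= ALLOW_AT:
        return "allow"
    if score >= PASSWORD_AT:
        return "password"
    return "support"


# Constructed sample sessions.
USUAL = Signals(True, True, True, 1.0, True)
NEW_CITY = Signals(True, True, False, 0.5, True)
PRINT_ONLY = Signals(False, True, False, 0.0, False)  # fingerprint is the only match
```

With these assumed weights a matching fingerprint on its own scores 25, so `PRINT_ONLY` is sent to support instead of being signed in.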


This is the device I used.

 

http://www.welivesecurity.com/2013/10/24/new-fingerprint-id-system-scans-for-living-blood-and-is-solution-to-cybercrime-makers-claim/

 

Also, if someone broke into the servers, because fingerprint data is not stored on them, there is nothing they could get. The reader reads the fingerprint and assigns a set of numbers to it. The numbers are what is stored in the server, and you cannot recreate a fingerprint from it.

 

https://ebblink.com/ Here is their website; they have switched gears a little and are focused on 2FA and secure sign-on for IoT.

 

The big thing I see with this stuff is it is way more secure than what we use now and pretty much everyone is ok with what we use now. 

Edited by jaime_lion