Biometrics Win Support From the Lazy 124
judgecorp writes "We're used to discussions about privacy and security, but amongst users, the real issue is ease of use, according to a survey by Unisys. It's not a huge sample, but ten percent of the users in Asia were happy to be chipped and have done with it." From the article: "Frost & Sullivan security analyst James Turner said while speed of identity verification may be driving people's acceptance of biometrics, the key issue is that biometrics can be a security block, rather than an enabler. Turner added that what is more important in the smartcard debate is ratifying exactly where the identification data is stored. "
The problem being... (Score:5, Insightful)
This brings around the point that you would still need a second means of authentication anyways. meaning either a password/code to enter that you knew, or possibly some biometrics like fingerprints/retina scans. I don't trust facial geometry scanning because it also is dupable easier than stealing a retina.
the real issue is ease of use... (Score:5, Insightful)
< grrr / >
Turn it off? (Score:5, Insightful)
(But carrying around a device for turning it off kind of circumvent the whole idea... Then i could just carry an ID card with an off switch instead)
Morbidity (Score:5, Insightful)
Mind you... if all they need is a fingerprint and/or data from your RFID implant, a crook wouldn't even need you alive. The RFID chip would supposedly keep working for a while and fingerprints don't depend on you being alive. Retinas would be a different story, since they require a constant blood flow, though I'm not sure what the decay rate is for retinal tissue when you die.
Food for thought.
Re:Man I hate having to type in my /. password. (Score:3, Insightful)
Attach it written on a postit note to every cup of coffee you touch.
I'll bet that you (or some random stranger being 'you') will get that first post soon enough.
Wait a minute... (Score:4, Insightful)
Is being "chipped" biometrics at all? Or am I being a semantics Nazi?
Repeat the Story Enough (Score:4, Insightful)
Unisys has the most to gain by selling this story. They do these kinds of projects on a regular basis.
I'd be interested to hear how many of their smart card projects actually worked as promised.
Who needs RFID? (Score:4, Insightful)
Excuse me? Lazy? (Score:5, Insightful)
I don't think the users are sick of having to type -- they're sick of the situation created by lazy-ass admins who think that you create security by having 30 different accounts, each with >8 characters, with mandatory uppercase, lowercase, numerics and punctuation. Oh, and they all have to be rotated at 60 day intervals and it's easy because you just make up a little story about each of your convoluted passwords, remember all 30 of them and make up a new one and forget the old one every time you change the password!
I just had to change and lengthen my purchasing account password because, y'know, there's a huge problem with h4x0rs ordering office supplies in my name. I'll tell you where I'd like to implant an RFID chip...
Hello, Mr. Fragmentate, Welcome to Wal-Mart (Score:4, Insightful)
I already don't like when they read my credit card and say, "thank you Mr. Fragmentate." Actually, I don't really want them talking to me in a personal manner at all.
You just know that eventually they'll always just know where you are. "Shame on you Mr. Fragmentate... an NC-7 movie? Tsk." I find it hilarious that a good portion of the people recently surveyed by my company about the "evils of browser cookies" were willing to have an implant in their body, but absolutely would not allow cookies.
I don't get it. A harmless text string implanted on your hard-drive that can track you quite anonymously (the net only knows what you tell it) and that you have direct access to; versus a device implanted in your body that you have absolutely no understanding of, or control over.
It's not THAT hard to whip out the driver's license or state-issued ID. I know they're not "secure" but this article isn't talking about security -- it's talking about convenience.
Re:Man I hate having to type in my /. password. (Score:2, Insightful)
We have to educate people about what it means to provide information to a corporation that can be used as a key into other databases.
Communism (Score:2, Insightful)
Re:The problem being... (Score:4, Insightful)
And you just know someone will keep a copy of all the generated keypairs, and a whole bunch of them will be stolen.
All these are resolveable, technical issues. But they're the kind of thing that gets resolved by academics dedicated to perfecting the theory, not the kind of thing that gets resolved by a company dedicated to getting the per-chip cost down to a fraction of a penny.
Easy means wrong application. (Score:2, Insightful)
Imagine if I were using a retina or fingerprint scanner instead of a credit card. Replacing my retina/fingerprints isn't nearly as easy.
Biometrics mean you have once chance to keep your identity safe. Afterwards you're screwed for the rest of your life. For this reason I don't think biometrics is going to replace the authentication methods we already have: after a decade of using biometrics, half of us will have had our biometric information stolen and will be back to cards anyways. I'm going to beat the rush and stay with cards now
I *can* think of one potential good way to use biometrics: imagine if your drivers licence, etc, contained a jpeg file of your face that's been digitally signed by the issuing organization. That would make forgery much harder.
In summary, I think biometrics can work for applications where you don't care who sees your identifying info, but for any application where you would need to keep it secret, forget it. Not even good for the lazy.
This is a people challenge with a people solution. (Score:2, Insightful)
Where, where, where is Waldo? (Score:3, Insightful)
You have your basic triage of information:
1. Consumer/User/
2. Merchant/Provider
3. Arbitrator/Mediator/Authenticator
Each MUST be able to revoke one of the other two for such a successful system. Right now, the biggest problem in today's computing world is the consumer/user cannot revoke.
Without user revokation, the system is ineffectual against abuse (i.e., identity thefts, innocent arrest records, stuck with a Social Security Number)
What is needed is a 3-way public key exchange algorithm (can't even find that in Google).
But you know... (Score:3, Insightful)
This is the same reason that beers with twist-off caps is so popular too.
Biometrics != Chipping (Score:3, Insightful)
Chipping is no more than a fancy way of carrying an access card, a poor substitute for biometrics (really NOT a substitute). And even if it were a perfect substitute, biometrics is not a good method under some circumstances (like remote logging: was that someone speaking his passphrase on a microphone, or just a recording?).
Decision makers should leave the mothod of authentication to the experts (sane ones, excessive paranoia is detrimental too).