Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


The Future of Crime - Biometric Spoofing? 134

Posted by Zonk
from the bioawesome dept.
AxisPower9 writes "What we often watch in films and television - circumventing biometric security access - is turning from science-fiction to reality. Bori Toth, biometric research and advisory lead at Deloitte & Touche, warned that biometric spoofing is a growing concern. From the article: 'We are leaving our prints everywhere so the chance of someone lifting them and copying them is real. Currently it's only researchers that are doing spoofing and copying. It's not a mainstream activity--but it will be. Many people are trying to regard biometrics as secret but they aren't. Our faces and irises are visible and our voices are being recorded. Fingerprints and DNA are left everywhere we go and it's been proved that these are real threats.'"
This discussion has been archived. No new comments can be posted.

The Future of Crime - Biometric Spoofing?

Comments Filter:
  • Nah! You can't reconstruct that data from minutae!

    Oh wait. You can...

    • I recommend brainwave scans as the biometric of choice. Too subtle to be picked up everywhere, and therefore secure.
      • I recommend brainwave scans as the biometric of choice. Too subtle to be picked up everywhere, and therefore secure.

        And in some, too subtle be be picked up anywhere [wikipedia.org]. (See: Nonexistent [thefreedictionary.com])

      • I'm not sure if your comment was meant to be serious. If it was then you must not be someone who works with EEG recordings.

        Take it from me, I record a lot of EEG, they are not easy to record or work with. The artifact that you get from even an eye blink is enough to skew the data. Let alone someone moving other parts of the body. Granted, I don't work on using EEG as a method of identifying individuals but I have my doubts that you could get unique signature from every individual or ask people to hold s
    • True.. most importantly.. quis custodiet ipsos custodes!?
  • Immutable, too. (Score:5, Insightful)

    by Poromenos1 (830658) on Friday July 21, 2006 @09:00AM (#15755925) Homepage
    When your fingerprints have been compromised (not very hard to do) you can't change them. For this reason, I don't think biometrics is a viable solution. A long passphrase is much better, in my opinion.
    • Maybe a combination of both. You would need the fingerprints to access the password part of the security.
      • As the fingerprints will be trivially copied they add little or no security. You'd be more secure with a common magstripe card plus password system. The magstripe, at least, can only be skimmed when you use the card, while your biometrics are often 'skimmable' at any given moment.

        The only actual advantage a biometric tag adds to the setup is that you wont forget it at home, but then again, that's rather irrelevant from a security aspect.

        Of course, magstripe readers dont offer as much 'job security' to the s
      • Open source Sigs? Here, use mine!

        Can I use it in my proprietary signature, or is that one of those "bad freedoms"?
    • A long passphrase is much better, in my opinion.

      Until the Alzheimer's sets in... or you have one too many at a party the night before... get a concussion...

      Better write it on a Post-It Note... then again, better not [slashdot.org].

    • When your fingerprints have been compromised (not very hard to do) you can't change them. For this reason, I don't think biometrics is a viable solution. A long passphrase is much better, in my opinion.

      Sure it is - but only so far as it enhances existing security. Using it to replace existing technologies might be a mistake, but using it to supplement them surely isn't.

    • ... I've had the ends of several of my fingers severed (many many years ago).

      While I wouldn't consider myself handicapped (I still type much faster than most people), there are some definate accessibility concerns for some of these things that I have not seen addressed...
    • by Kadin2048 (468275) <`slashdot.kadin' `at' `xoxy.net'> on Friday July 21, 2006 @09:32AM (#15756142) Homepage Journal
      Yep ... which is exactly what people who know anything about information security have been saying for a while.

      People think that biometrics is some sort of magic bullet, because for years they've seen retina scans and fingerprint scanners on TV in all sorts of "high security" situations. But in reality, a fingerprint scan is probably not that much better than a good password -- it's certainly better than a shitty password, and in combination with a password it's probably better, but alone it's terrible.

      The fact that you can't change your fingerprints is a real problem if they start to use biometric systems for authentication. Particularly since there are biometric-ID systems used by children: in my area, they're currently testing and preparing to roll out a school-lunch system that uses fingerprints (it's a debit system -- no more stolen lunch money, and no way to tell who's on the subsidized lunch program or not). When you start using biometrics that young, you have a long time for them to possibly get compromised and spoofed.

      The fingerprints you have, you own for life: so any system has to be built on the assumption that they will be compromised. In particular, future systems should be built knowing that people are going to come in who've already had all 10 fingerprints compromised already. The solution isn't to just come up with more biometric identifiers to use as secrets, the solution is to not use them as secrets at all.
      • Same old adage... (Score:2, Redundant)

        by brunes69 (86786)
        People in security have known this for a long time. There are three types of identifiers -

        - Something you know (a password, an answer to a question that requires private knowledge, a PIN number),

        - Something you have (an RFID card, a secureID token, a bank card)

        - Something you are (fingerprint, DNA, retina, brain wave)

        Any *one* of these metrics is too easy to bypass. Any system that requires security should use *at least* two of these factors for authentication (eg, banks use a card + a PIN). Being

        • For one thing research is ongoing on ensuring the scanned print is coming off the *flesh* surface of a warm, live finger attached to a live human being.
          • If you as a verifier can ensure the security of the reader hardware, then that's great. If not (for example, for devices sold/leased/loaned to retailers), then what you have is a vendor login and what is essentially a long passphrase. Because all you KNOW is that something claiming to be a biometric reader is logging into your verifier service and presenting a stream of digitized information.
          • Years ago, Before biometric authorization systems were more then science fiction in real life, I played around with copying finger prints.

            All it took was a acanned image of a fingerprint, a reletivly decent photo printer, some thin poster board or an manila folder and some sort of powderless latex glove. Yes, even as far back as '98, i could copy fingeprints enough to make it apear somone else was in a room. This new fingerprinted glove would carry the heat of a warm living finger and has already been used
      • I've been giving some thought to this lately, and there's literally no indentifier that you can use on a long-term basis that does not lend itself to being captured or mimicked in some way. Fingerprints, retina, DNA, secure key, password, etc. What it really comes down to is verifying not only identity but location (which uniquely identifies you in a way that incorporates the dimension time, as you're only in one place at a time) and volition. I am this person, I am in this place, and I wish to initiate
      • Exactly.

        Biometric scanning should be used for nothing more than a quick & automated method of stating, not proving, identity. Biometric data is not secret - just like a name is not secret. Both can still be used as low-security identifiers though. Simply because I state that I am "George W. Bush" or "Tom Cruise" does not make it so.
      • Man if my school system wasted that kind of money on a debit system for lunch I think every school board member would be recalled and kicked the hell out.

    • When your fingerprints have been compromised (not very hard to do) you can't change them

      Ummm.... Yes you can. Although it requires an exacto knife, a hot iron, and a bottle of tequila.

      But seriously, one of my friends bio-metric logon dongle they had for their computer wouldn't recognize one of my fingers after I had an accident with a hot light bulb. It burned my thumb print til it blistered and I removed the dead skin leaving only smooth raw skin exposed for a bit. Actually, it wasn't as much as an acciden
    • Actually they are only immutable if you use your own in the first place. The obvious solution? Keep a healthy supply of other people's body parts in your freezer, and discard once compromised...
  • ...are the thoughts in your own mind.

    Well, that's what I used to think.

    No, you can't moderate me as paranoid.

    Of course.

    Really now, is that what you think?
  • hmm.. (Score:5, Interesting)

    by bigattichouse (527527) on Friday July 21, 2006 @09:05AM (#15755965) Homepage
    Lets see.. I remember a very detailed Expose [imdb.com] on these so called "borrowed ladders". Gee. You write a movie about it, and it takes almost 10 years for it to become a top news story on slashdot. I also remember an eye-scan in a movie using a plucked eye. Spaceballs used an unconscious guard's hand. As well as the "removed hand". Even scooby doo, Daphne used powder makeup to bring out the pattern of a thumbprint on a scanner to unlock something or other.
  • by krell (896769) on Friday July 21, 2006 @09:05AM (#15755966) Journal
    Always carry a pocketfull of eyeballs and thumbs...and realize, at one point, those lil' orbs are going to accidentally fall out and you are going to be chasing those slipper rolling suckers all over the floor.
  • Allright! (Score:3, Funny)

    by Nijika (525558) on Friday July 21, 2006 @09:10AM (#15755983) Homepage Journal
    This adds further realism to Charlie's Angels.
  • For every one billion dollar solution, there is a five dollar way to counter it. The weak link is not even in database - although collecting biometric data from 300 million people will be a real pain. Forging data is like stealing passwords, and once stolen, users are even less likely to set a 'secure password' or change the biometric signatures. So much for the brave new world.
    • For every one billion dollar solution, there is a five dollar way to counter it. The weak link is not even in database - although collecting biometric data from 300 million people will be a real pain.
      No, collecting biometric data from 300 million people would be the NSA's ultimate wet dream.
    • The scanned fingerprint could be used to gain access to other places , since you fingerprint would be the same.

      So anyone with a biometric scanner could use your fingerprint against you . Or they could sell it .
  • by kkiller (945601) on Friday July 21, 2006 @09:12AM (#15755997)
    Rise in Eyeball Mugging and Drive-by Thumb Stealing Blamed on Biometric-scanning vidiPods
  • by PFI_Optix (936301) on Friday July 21, 2006 @09:12AM (#15756005) Journal
    Anyone who relies on biometrics alone is asking for trouble.

    Fingerprint: not secure
    Fingerprint + password: more secure
    Fingerprint + password + voice sample: even better.

    There are harder biometrics to reproduce, like the thermal patterns of your face. For highly secure areas, multiple biometric keys, a memorized password, a voiceprint, plus a physical key/card would be ideal. And of course there's the good old-fashioned trustworthy security guard to make it even harder for the wrong person to get where they shouldn't be (assume you're restricting physical access).
  • I've just completed my brilliant plan to avoid having my fingerprints stolen. It took a lot of alcohol and a lot of paper towels to stop the bleeding, but now all of my fingertips have been severed. It sure beats wearing gloves all of the time and I can make up some elaborate story of how I lost my fingertips in combat to impress the ladies. It's foolproof!

    Now if you'll excuse me, I'm feeling a little light-headed.
  • Our faces and irises are visible and our voices are being recorded.

    http://www.theatlantic.com/doc/200209/mann [theatlantic.com]

    Iris scanner - a million bucks

    Glasses with a picture of someone else's eyeballs - $5.00

    Stickin' it to da man! - priceless.

  • The Gattaca Solution (Score:4, Interesting)

    by Billosaur (927319) * <wgrother AT optonline DOT net> on Friday July 21, 2006 @09:18AM (#15756049) Journal

    Blood. A mix of your DNA plus biomarkers. Of course if you've seen the movie, perhaps that too can be spoofed.

    In the end, there's no truly safe solution, except for multiple layers of passwords, biometrics, DNA samples, and the like, and even then, a determined foe will find a way to breach it. What Mankind can create, Mankind can subvert.

    • In the end, there's no truly safe solution, except for multiple layers of passwords, biometrics, DNA samples, and the like, and even then, a determined foe will find a way to breach it. What Mankind can create, Mankind can subvert.

      Sorry, your identical human clone has already cleared out your bank account and stolen your wife as you read this.
      Better luck next time!
    • by Anonymous Coward
      What Mankind can create, Mankind can subvert.

      Clearly it's time to start having dolphins create secure systems for us.
    • by phorm (591458)
      Not spoofed, but stolen easily enough. Just collect somebody's razor from a shower, or their female sanitary napkins, or whatever. There's plenty of ways to get blood from a target.
  • Even when I was a little kid I had a low-tech method for copying fingerprints - I noticed that partially cooled hot glue was not that painful to stick my thumb into, and it retained most of the detail from my thumbprint. I never got around for developing a method for copying my thumbprint again so as to have a properly oriented image, but I wasn't that bent on committing a crime, either.

    I predict security overall will actually get worse as time goes on, as guards rely blindly more and more on flawed tech
  • If you don't choose the cheapest ones on the market, then things are not THAT bad. Some scanners will take into account factors such as skin humidity, temperature, etc. Thus you can't just 'copy/paste' the fingerprint; nor you can chop off the person's finger.

    Take a look at the unique identifier generated by the biometric scanner, some generate a 600b 'digest' of the finger, others need several KB (hence more valuable data are stored).

    I don't know about other types of biometric scanners.. I wonder, how voic
  • by inviolet (797804) <slashdot@@@ideasmatter...org> on Friday July 21, 2006 @09:21AM (#15756073) Journal
    There are three ways to authenticate yourself:

    • something you are (fingerprints, irises, etc.)
    • something you know (passphrase, mother's maiden name, etc.)
    • something you have (key, RSA token, access card, etc.)

    As many have already pointed out, the best security uses a combination of two of the above. This is so because each one of the above has an inherent weakness.
    • It is becoming apparent that "something you are" part is quickly merging with "something you have" part as it is becoming easier to "steal" biometric properties. That, or just plain cut a hand/poke an eye scenario comes to mind.
      • Could use brain-wave authentification, which is kinda hard to read out unless you allow to, and use encryption on the reciever side, so even if someone steals the sample against which activity is mesured, he can't re-produce activity signature itself.
    • something you are (fingerprints, irises, etc.)

      All the credible books I've read mention this as a fallacy. Something you are is not a measurable property since it is impossible to make a copy of what a person is, fundamentally. Biometrics are simply something you have that is really hard to change. This is good in that others may have trouble changing their s to be yours, but bad in that once compromised, you're screwed for life.

      Biometrics are not a good part of a secure authentication solution. They are

    • There are three ways to authenticate yourself:

      I'd comfortably bet that most security professionals have rejected this concept. "Something you are" is really just a slight variation of "something you have" and there isn't anything in particular that makes them any better to make it worth differentiating.

      Something you know does have a slight variation called something you do (the way you walk, the way your brain waves are, the way you sign your signature.) It remains to be seen whether some of the less known
      • I'd comfortably bet that most security professionals have rejected this concept. "Something you are" is really just a slight variation of "something you have" and there isn't anything in particular that makes them any better to make it worth differentiating.

        The distinction is important because "something you are" things cannot be changed, whereas "something you have" is an external object that could be replaced if compromised or lost.

        The distinction is especially important now, as the world is erroneou

  • The datacenter that I spend a lot of time in for work uses these [flickr.com] biometric hand scanners. I've been told that they measure the bone density of various bones within the hand. If that is how they work then I'd think it'd be a pretty tough thing to fake. Anybody know if that is how they actually work? How reliable they really are?
    • Do they check to see if the hand is still alive? As in attached to a human body?
    • The datacenter that I spend a lot of time in for work uses these biometric hand scanners.

      Eeeew, hand scanner! One of my colos had those installed. I asked them nicely, and they gave me a proximity card instead. With people spending so much time fixing machines, there's no telling what these people do -- pick their nose, scratch their ass, do whatever icky things you can imagine in the can, and then put their nasty greasy hands on those things. Look more closely at the flickr image (or please post a high
      • Eeeew, hand scanner! One of my colos had those installed. I asked them nicely, and they gave me a proximity card instead.

        This datacenter uses a combination of both hand scanners and proximity cards. At the security booth you swipe the card next to the hand scanner then scan your hand. There's also a mantrap at the entrance to the datacenter floor. You swipe the card to open the outer door, then once you're inside and the door closes you swipe again and scan your hand. Then the inner door lets you onto
  • I could beat some of the early biometric thumb print scanners with a penile, pocket knife, and a couple of seconds. Wipe it clean, watch for some one to use it to log in, dust it with fine graphite, cover scanner with hand or shirt, press scan button.

    The real question is what happens when the person does not have a finger print? I don't!

    The state started scanning everyone's finger prints in to get a Drivers license. I used a belt sander and an 80 grit sanding belt. 3 minuets and No more finger prints! They
    • I could beat some of the early biometric thumb print scanners with a penile, pocket knife, and a couple of seconds.

      So you're saying that your penis is about the same size as a typical thumb?

      Next time you post information like this, you should probably do it anonymously. And, be careful with that pocket knife, or you may end up limited to pinky-print scanners. :)
  • In demolition man they make it clear that biometric ID might have flaws.

    I actually thought it was quite funny how they suggested he could simply rip off someones arm to "mug" them.
  • Fingerprints and DNA are left everywhere we go...

    I'm not so sure I wanna know what it is you're doing that's leaving DNA everywhere... : p
  • If fingerprint sensors were any good, the TLAs would be using them to protect classified data. Instead, companies that have such data have been told that they are not to use fingerprint scanners for that purpose.
  • Given what happened to this BMW owner [engadget.com], I would suggest that no one with any sense should use biometric security to protect anything that is valuable to thieves.
  • Now that we revel in our genius that allowed us to solve every criminal puzzle, it is easier than ever to create the perfect crime. In our hubris of being on the edge of technology, we forget that people learn to lie with what used to be "objective evidence".

    What is the perfect crime? One that cannot be solved? No. The perfect crime is one that is actually solved but with a different culprit than you. It is perfect in that sense that it closes the case. As soon as someone is locked up, the case is dropped.
    • You're forgetting something. It is actually quite hard to do what you say, and not because you need to not leave a trace of yourself at the scene of the crime as well as leave a trace of someone else. You need to pick someone who was able to commit the crime (i.e. no alibi), and preferably if the crime is one such as assault or murder, someone with a motive. You also need to have no witnesses etc. Even if objective evidence is regarded as not being able to lie (and I would question this statement), it i
      • Murder is something you should do with careful preparation. That includes not only finding a victim but also a culprit, and then framing the latter.

        Actually the way the police works plays into the murderers hands, because they need a quick success. The longer the trail chills, the lower the chance for success becomes. Also, they usually have a lot of pressure down their neck, so they have to present SOMEONE soon. And they usually grab the first suspect available. Just make sure the trails to him are strong
    • by lordsid (629982) on Friday July 21, 2006 @10:22AM (#15756542)
      The perfect crime is not a crime that is "solved" with someone else blamed. It's a crime that no one ever realizes was committed.
  • Well if it wasn't enough to worry about already. Social securty numbers...addresses...birthdays...Now that hooker you were with anonymously can use your DNA to steal your identity! At least if you were dumb enough to leave the wallet on the counter while you were rinsing off hooker spit you could change your credit cards and such...can't really change your DNA...at least not without some radiation and rather dire consequences.
  • You'll see it, day after day. At Star Labs, everyone with proper clearance peers into the little iris-recognizing window and presses their thumb on the panel. They are them permitted into the building. Sitting on a bench near the entrance you'll find Edward Scissorhands and Scott "Cyclops" Summers, forlornly begging everyone who walks by and enters the building to for once, break security protocol and just let them in!
  • In college I had a ceramics/wheel-thrown pottery prof who told a great story about fingerprints. He was a Raku(sp?) artist, which is a clay base that has a lot of sand in it... your pieces are more glass than stone. Additionally, you reduction fire it so your glazes come out with streaks of metal.. theres also some neat stuff with crackle and wood chip carbon filling the cracks. ANYWAY... think about it, this guy was doing his graduate work in an art medium that require him to have his fingers brushing a
  • by fish_in_the_c (577259) on Friday July 21, 2006 @09:43AM (#15756227)
    The biggest problem with biometrics is after it is compromised it cannot be changed.

    sure you have 10 figures and 2 eyes, but when it comes too it you will never get ADDED security with a biometric only system.
    biometric + password + keycard is the securest solution.

    something you are, something you know, something you have

    As the phrase goes in the banking security industry.
    Those have always been the only 3 options for establishing 'trust' with an unknown entity.

  • by hagbard5235 (152810) on Friday July 21, 2006 @09:45AM (#15756253)
    Identification is not authentication.

    Biometrics are fine identifiers. They are unique and immutable.

    Identification is not authentication. Not even close. Just because someone presents an identifier does not mean they are the authorized thing represented by that identifiers. By their very nature, identifiers are promiscous.

  • Lenina Huxley: That is correct, money is out-moded. All transactions are through code.
    John Spartan: All right, so he can't buy food or a place to stay for the night. And, it would be a waste of time to mug somebody. Unless he rips off somebody's hand, and let's hope he doesn't figure that one out.
  • All of these at once:
    * A little piece of hair, saliva, blood sample (for DNA)
    * A finderprint scan, but it must have a warm pulse
    * An eyeball scan
    * A voice print

    That might do it. Throw in a univeral ID chip too. Analyze it all in under 5 seconds, and you're into the ATM booth...
  • by dpbsmith (263124) on Friday July 21, 2006 @10:09AM (#15756452) Homepage
    This article [assaabloyfuturelab.com] says "A March 31, 2005 report in Malaysia's New Straits Times describes how a luxury car owner, Mr. Kumaran, was attacked by a gang of car thieves. His ordeal was apparently made worse because his S-Class Mercedes Benz was equipped with a biometric lock that prevented the car from being started without authentication by his finger or thumb print. At first the thieves had Mr. Kumaran start the car using his fingerprint. Then they took him, along with the car, to a chop-shop where they had hoped that the security system could be bypassed. When they decided that they couldn't override the security and that the fingerprint was required, they took Mr. Kumaran's left fingertip and dropped him off along the roadside where he was eventually able to find medical help."

    I guess I'd prefer to have the bad guys to use a reasonable facsimile of my finger, retina, etc. than to have them use the real thing.
  • It's just like any other security technology, nothing special. I never understood why people hold biometric data in such high regard as a security measure. Though it's true the average person probably can't spoof your data it's rarely the average person that wants to. I'm sure if the technology becomes more popular there were be the usual war between hackers and spoofers and the security industry. To its credit I find it more likely that my roomate could guess a password than spoof my fingerprint, though th
  • Don't get me wrong, I'm not pro-people my any stretch of the imagination, except when it comes to security. Sure people are lying, crooked, cheating, thieves, but they're still a lot smarter than computers. The question needs to be are we turning our information and lives over to the security of an algorithm, or to a person? The bank teller used to know your name, and that worked, then we needed photo ID's, then we need biometric ID's, smartcards, magnetic cards, backed and controlled complicated computer s
  • by Rob the Bold (788862) on Friday July 21, 2006 @10:16AM (#15756499)
    The earliest reference to biometric spoofing that I'm aware of was the book: "The Red Thumb Mark" by Austin R. Freeman. It was published in the early 20th century. The detective (Dr. Thorndyke) suspected that a bloody thumbprint left in a burgled safe was actually a plant to "finger" an innocent man. The mystery wasn't so much the identity of the crook -- which you guess correctly in the first few chapters -- but the means of making the spoof and the method of proving his crime.

    The first edition I've seen is dated 1928, but I think it was initially published nearer to 1900. The idea has been around for a while.

  • Honestly, there will never be a truly perfect authentication solution. Fingertips can be taken just as easily as passwords.
  • Even retinal scans are permutable. So I think you have to consider biometrics as a single factor in multi-factor authentication. If looked at as another layer in your defenses and not a defense in and of iteslf, then it becomes useful.
  • Yep, and I just picked up a copy of Gattaca for $5 yesterday...

  • What we often watch in films and television [...] is turning from science-fiction to reality.

    It almost implies that if something is science-fiction it will become reality. It is more the other way around. If something is done, somebody will have written about it in SF.

    As of yet there is no Positroic brain. There is no HAL 9000. I am sure a multitde of SF things can be found that have not and never will be invented.

    This will be no different then 'predicting' the future in any other way. Do enough predictions

  • If you put the security by biometrics, it mean that anyone that *REALLY* wants to break in will need.... you!
    Are you right sure you want to expose yourself to such a threat ?

    Need eye identification ? ow tempting is that to take the eye of the person ?
    I won't risk myself on this, I prefer a usb key containing an RSA key or so and a good password....
  • It doesn't matter which type of security you have, usually it gets compromised because of these 2 things:

    Administration and the human being. It's too difficult to manage a 2000 or even 200 member authentication database. The simplest administration is just not done because it is tedious or takes too much time. For example: single time sign on, a user can only be logged in once anywhere or time constrained logons, there is no reason an office employee to login in the middle of the night on the other hand, th
  • I realize everyone says that biometrics isnt a secure authenticator by itself, but wouldnt you say a retinal scan would be a bit harder to copy than a key? I would think biometrics are just as reliable as an rfid card or a key right now, but much more convenient. I think thats the ultimate issue here, is convenience, because its easy to lose a key, but how often do you misplace your eyeballs??
  • Data will use biometric spoofing to take over the Enterprise in 2367: http://en.wikipedia.org/wiki/Brothers_(TNG_episode ) [wikipedia.org] So, this problem is apparently here to stay.
  • ... we'll use the following equivalence:
    fingerprint == username
    something else == password
    Your username is easily seen, easily copied, and not kept secret, it's just convenient to use something that's hard to lose (i.e. your fingerprint) for it. I might even want to have a copy of my fingerprint on a keyring or something that I can give to someone who I'm authorising to act on my behalf.

    The password part should be something you can change if someone gets ahold of it. Possibly even an actual pass

  • We are leaving our prints everywhere so the chance of someone lifting them and copying them is real.
    The solution to this is quite obvious: If you don't have fingerprints, there's nothing for thieves to steal!

    Someone get one of those fingerprint eraser things from Men In Black in here, STAT.
  • from a Bruce Coville book [amazon.com] I read as a child.
    As technology advances, the technology to fool it advances too. There's a nice balance in that, don't you think?
  • Anyone remember the movie "Sneakers"?
    Ahead of its time...
  • This is why you should cover your mouth when sneezing or coughing. In a world of tomorrow you could end up logging into every computer in the office with one mis-placed sneeze.

    Also taking the piss, will become a common hacker passtime :D

    Are hairdressers secret DNA theifs of tomorrow!

    They can clone dolly the sheep - so key dupiong is possible :D.

    Bottom line will end up using and going thru so much red tape, might as well just use your brain. though that said hypnosis is clearly doable upon that CPU and gi
  • We are leaving our prints everywhere so the chance of someone lifting them and copying them is real.

    These days, we also have to worry about someone lifting and copyrighting our prints. And then suing us for infringement when we lift a glass of something.

    And if we leave some hair or skin cells behind, we'll find that out DNA is patented and we're hauled into court for yet another violation.
  • I've even seen (deservedly) famous security people miss the point of biometrics because they're stuck thinking in terms of passwords.

    Your facial geometry, voice print, fingerprint and so on are never expected to be secret and don't have to be secret. It makes sense to talk of a password being "compromised" and having to be revoked, because the value of a password is its secrecy. Keeping the password secret compensates for the fact that it can be reproduced by the millions and presented by anybody.

    The fundam

Get hold of portable property. -- Charles Dickens, "Great Expectations"