From: Brian Atkins (firstname.lastname@example.org)
Date: Mon Jun 26 2000 - 11:02:19 PDT
Mark Day wrote:
> > << NEW YORK (Office.com) --Just as with fingerprints, people's faces are
> > distinctly their own. A new generation of pocket PCs, personal digital
> > assistants and cell phones will use the measure of one's facial
> > contours as
> > part of their security features. >>
> I can never believe how seriously people take all the the biometric systems.
> Since all of these systems also have something that corresponds
> approximately to a password file, which could be compromised by an attack or
> an insider, there seems to be relatively little attractive about them in
> real-world usage.
> More than once in my career I've been told I have to choose a new password
> because the password file had been compromised. If we're doing iris scans, I
> only have two eyes. Similarly, I have only two hands and one face.
> "Dear system user: we had a hacker break in over the weekend and compromise
> everyone's logins. Accordingly, we have scheduled plastic surgery for
> Mark Stuart Day
> Senior Scientist
> Cisco Systems
That doesn't make any sense. Your password was being used by a hacker
from "outside" to get access to the "inside" (server). Once they were
able to use it you had to change it. But that obviously can't happen
with biometric- they can't "use your iris" in a non-James-Bond world.
They only attack (assuming we are not talking about things like cutting
off hands or eyes) is to reprogram the server-side to accept the hacker's
password/iris instead of yours. So yes the biometric system still has a
weak link, but only one. Password-based systems have two weak links
since the client side can also get hacked.
This archive was generated by hypermail 2b29 : Mon Jun 26 2000 - 11:08:37 PDT