Re: [CBS MarketWatch] A nose by any other name

Date view Thread view Subject view Author view

From: Brian Atkins (
Date: Mon Jun 26 2000 - 11:02:19 PDT

Mark Day wrote:
> > << NEW YORK ( --Just as with fingerprints, people's faces are
> > distinctly their own. A new generation of pocket PCs, personal digital
> > assistants and cell phones will use the measure of one's facial
> > contours as
> > part of their security features. >>
> I can never believe how seriously people take all the the biometric systems.
> Since all of these systems also have something that corresponds
> approximately to a password file, which could be compromised by an attack or
> an insider, there seems to be relatively little attractive about them in
> real-world usage.
> More than once in my career I've been told I have to choose a new password
> because the password file had been compromised. If we're doing iris scans, I
> only have two eyes. Similarly, I have only two hands and one face.
> "Dear system user: we had a hacker break in over the weekend and compromise
> everyone's logins. Accordingly, we have scheduled plastic surgery for
> everyone."
> --Mark
> Mark Stuart Day
> Senior Scientist
> Cisco Systems

That doesn't make any sense. Your password was being used by a hacker
from "outside" to get access to the "inside" (server). Once they were
able to use it you had to change it. But that obviously can't happen
with biometric- they can't "use your iris" in a non-James-Bond world.
They only attack (assuming we are not talking about things like cutting
off hands or eyes) is to reprogram the server-side to accept the hacker's
password/iris instead of yours. So yes the biometric system still has a
weak link, but only one. Password-based systems have two weak links
since the client side can also get hacked.

Date view Thread view Subject view Author view

This archive was generated by hypermail 2b29 : Mon Jun 26 2000 - 11:08:37 PDT