In view of its many downsides, how could biometric security ("what you are") ever become a useful and secured method for access control?
-
Fuzzy logic If you have a password or token, there is a well-defined key such as donkeyfield17.00, exactly, not donkeyfield16.99 and not donkeyfield17.01. However, how can iris or thumbprint patterns can be converted into a unique string of values which remains identical each time you scan your iris or thumbprint? Sure, the coarse patterns remains the same, but there is no guarantee that a high resolution scan will yield the exact same patterns each time. Ir-replaceability If someone stole my access token or password, I can request a new one from the administrator. However, if my thumbprint is stolen (no, not my entire thumb, a digital copy of the pattern will suffice for the hacker), then wouldn't I not be able to use biometric authentication securely for the rest of my life? Context: Biometric identification is fine in situations such as immigration control, where the biometric identity of someone is verified in person and compared to a central government database. However, I am skeptical that biometric identification could replace remote identification such as password controls on websites.
-
Answer:
In my opinion, Biometrics are only useful when physical presence can be verified. Hence, Biometric access cards make sense (for e.g. to access a building). It also makes sense to use Biometric IDs where changing the ID form is rare/not possible (e.g.: National ID numbers). For instance, while it is theoretically possible to get a new SSN, it is designed to be a hard process even if identity theft is proven (http://www.socialsecurity.gov/pubs/EN-05-10064.pdf). In such cases, I rather have my identity tied to a long biometric string than a 9 digit number, parts of which can be deduced On the other hand, I find it hard to imagine how biometrics can be used as security on web applications. In addition to the concerns you raised, the fact that the end user controls the device which records the biometric means it's disneyland for hackers :) So, I can see Biometrics replacing SSN, but not my passwords to websites.
Sandesh Anand at Quora Visit the source
Related Q & A:
- What is required to become a physical therapist?Best solution by Yahoo! Answers
- What to do to become a pharmacist?Best solution by Yahoo! Answers
- What is needed to become a game designer?Best solution by Yahoo! Answers
- How old do you have to be to become a security guard?Best solution by Yahoo! Answers
- Advice on what to do to become a police officer? please help?Best solution by Yahoo! Answers
Just Added Q & A:
- How many active mobile subscribers are there in China?Best solution by Quora
- How to find the right vacation?Best solution by bookit.com
- How To Make Your Own Primer?Best solution by thekrazycouponlady.com
- How do you get the domain & range?Best solution by ChaCha
- How do you open pop up blockers?Best solution by Yahoo! Answers
For every problem there is a solution! Proved by Solucija.
-
Got an issue and looking for advice?
-
Ask Solucija to search every corner of the Web for help.
-
Get workable solutions and helpful tips in a moment.
Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.