Another way to identify users is by the speed and rhythm they type their username and password.
For example, let's think about a hypothetical company that sells a per-seat license to a database, that wants to determine if multiple people are using a license for a single seat without false positives. The easiest case to detect are multiple concurrent logins from different IPs. However, if the service/database is used less frequently and concurrent logins would not occur, then it will be harder to catch. Detecting this is made more challenging because one user might login from different IPs, computers, operating system, browsers, etc.
I like the idea of a device/app you keep on your person or maintain on your phone versus something biometric. There may be times when I want to enable a loved one to log in for me or if I become incapacitated I'd like for someone else to have the ability to unlock my info. For those reasons Clef seems to be about the right amount of functionality and device dependence for me.
> At the same time, biometric sensors raise questions of security. When Apple’s sensor was announced on Tuesday, a flurry of skepticism and privacy concerns erupted online even though Apple said users’ fingerprints would be stored only on the phone — not sent to online servers or made available to app developers.
Yes, the thumbprint is going to be the bane of the iPhone 5s. It is a horrible idea. They think phones are completely personal. They aren't. I share mine with my daughters all of the time. Sometimes my wife needs to use it. It is going to be a problem.
I'm not sure if thumbprints are worse or Microsoft's racist facial recognition that wouldn't recognize very dark African Americans.
They also should complement them so that the combination remains revokable. Using a biometric marker standalone is dangerous if that marker is somehow compromised.
Not only are biometrics not secrets, they're also not changeable.
They are essentially only a tool to allow someone else to be certain of a person's identity given that person's physical presence. You'll basically always need someone at a biometric station making sure the rules of are followed - there were some Brazilian doctors who got caught using plastic fingers to sign in and out from a finger-print time clock system, for example.
> last month, it was discovered that even passwords as long as 55 characters could be broken.
I stopped reading there. This is utter bullshit.
If 55 is doable, then 16 should be peanuts (like, many orders of magnitude easier). Here crack this md5 hash for me: 2419219bcd13f7a6dfebeca7cf94108e. We all know md5 is broken, right? By the way, this was generated by using:
head -c 16 /dev/urandom | md5sum
Of course we can crack 200-character passwords if we can make an educated guess at what it might be, but we can't break truly good passwords as short as 10 characters, even if a one-round md5 hash was used. This "revelation" is nothing more than FUD and may be completely ignored. Passwords are not broken.
Some of the characters you used are not allowed by many password systems. This decreases the entropy quite a bit, but still not enough to make your point invalid.
In my opinion there are 2 main issues with Biometrics:
- The first is that it may identify you with precision but it can not tell your will, so basically, you can force someone to use the sensor.
- The second issue is that it does not allow you to give authorization to a third party in exceptional situations.
and third: You can't change whatever attribute of yours is being measured when the data leaks out by accident. And fourth: You always share the same attribute with every service identifying you.
We've already seen password databases being compromised. If that happens, you change your password and move on. If biometric data leaks out, you a) can't change your attribute and b) you will have shared that attribute with other parties.
plus your biometric data may change over time. what do you do for those unfortunate edge cases where someone has an eye infection or a skin rash?
plus it costs a lot more to install, maintain and verify.
plus you can 'steal' someones biometric data without their knowledge (eg. from coffee cups, pictures etc.) without any real defense short of never opening your eyes or touching anything without gloves on.
plus they rely on heuristics and this lack of determinism means that either there will be false positives or false negatives. both cause issues.
... but at least it looks cool. biometrics does have that going for it.
To me, that seems to suggest that biometrics aren't really passwords (which are private, and authenticate you), so much as they are usernames (which are public, and identify you.)
Just like a username, you can know/have someone else's thumbprint, and "type it in" for the identification phase of login. And just like a username, you need a password in addition, in order to test that you're really who you say you are.
The main difference is that biometrics, unlike usernames, are unique to a person (two people in separate places can't decide to use the same thumbprint without knowing about each-other), so there's no equivalent to trying to log into a machine by using the top 50 most common username+password combinations. In other words, biometrics can always be compromised by HUMINT, and sometimes, given a flawed implementation, by SIGINT--but they're completely immune to MASINT (http://en.wikipedia.org/wiki/Measurement_and_signature_intel...).
Another way to think about it: fingerprints and the like are pretty much UUIDs you're assigned at birth. Just like a textual UUID, anyone who can read it can replicate it or retransmit it fairly easily. There's no security there. What there is, is collision-prevention. Nobody will be using a UUID you just generated unless they're trying to collide with it, specifically. If they just generate their own UUIDs, they'll never pick yours by coincidence. Much easier to detect and flag malicious logins once you can be sure that there's no chance of accidental collisions (e.g., someone just typing in their username-on-some-other-machine that happens to be already owned by someone else on this one.)
22 comments
[ 5.7 ms ] story [ 55.3 ms ] threadFor example, let's think about a hypothetical company that sells a per-seat license to a database, that wants to determine if multiple people are using a license for a single seat without false positives. The easiest case to detect are multiple concurrent logins from different IPs. However, if the service/database is used less frequently and concurrent logins would not occur, then it will be harder to catch. Detecting this is made more challenging because one user might login from different IPs, computers, operating system, browsers, etc.
[1] https://www.youtube.com/watch?v=eDo0W1tEkpk
Yes, the thumbprint is going to be the bane of the iPhone 5s. It is a horrible idea. They think phones are completely personal. They aren't. I share mine with my daughters all of the time. Sometimes my wife needs to use it. It is going to be a problem.
I'm not sure if thumbprints are worse or Microsoft's racist facial recognition that wouldn't recognize very dark African Americans.
For instance, I can think of identical twins who don't want the other to see their private photos etc...
What scares me is the idea of a cop at a random checkpoint forcing your finger onto your iPhone against your will to gain access to its contents.
A password is so much better in such a scenario.
They are essentially only a tool to allow someone else to be certain of a person's identity given that person's physical presence. You'll basically always need someone at a biometric station making sure the rules of are followed - there were some Brazilian doctors who got caught using plastic fingers to sign in and out from a finger-print time clock system, for example.
They are indeed very different from passwords.
I stopped reading there. This is utter bullshit.
If 55 is doable, then 16 should be peanuts (like, many orders of magnitude easier). Here crack this md5 hash for me: 2419219bcd13f7a6dfebeca7cf94108e. We all know md5 is broken, right? By the way, this was generated by using:
Of course we can crack 200-character passwords if we can make an educated guess at what it might be, but we can't break truly good passwords as short as 10 characters, even if a one-round md5 hash was used. This "revelation" is nothing more than FUD and may be completely ignored. Passwords are not broken.We've already seen password databases being compromised. If that happens, you change your password and move on. If biometric data leaks out, you a) can't change your attribute and b) you will have shared that attribute with other parties.
Biometric data is WAY worse than passwords.
plus it costs a lot more to install, maintain and verify.
plus you can 'steal' someones biometric data without their knowledge (eg. from coffee cups, pictures etc.) without any real defense short of never opening your eyes or touching anything without gloves on.
plus they rely on heuristics and this lack of determinism means that either there will be false positives or false negatives. both cause issues.
... but at least it looks cool. biometrics does have that going for it.
Just like a username, you can know/have someone else's thumbprint, and "type it in" for the identification phase of login. And just like a username, you need a password in addition, in order to test that you're really who you say you are.
The main difference is that biometrics, unlike usernames, are unique to a person (two people in separate places can't decide to use the same thumbprint without knowing about each-other), so there's no equivalent to trying to log into a machine by using the top 50 most common username+password combinations. In other words, biometrics can always be compromised by HUMINT, and sometimes, given a flawed implementation, by SIGINT--but they're completely immune to MASINT (http://en.wikipedia.org/wiki/Measurement_and_signature_intel...).
Another way to think about it: fingerprints and the like are pretty much UUIDs you're assigned at birth. Just like a textual UUID, anyone who can read it can replicate it or retransmit it fairly easily. There's no security there. What there is, is collision-prevention. Nobody will be using a UUID you just generated unless they're trying to collide with it, specifically. If they just generate their own UUIDs, they'll never pick yours by coincidence. Much easier to detect and flag malicious logins once you can be sure that there's no chance of accidental collisions (e.g., someone just typing in their username-on-some-other-machine that happens to be already owned by someone else on this one.)