I saw this as a part of the "quick list" and decided to make a thread on it, since apparently there isn't one already.
Biometrics and why they're terrible:
We've all seen cool sci-fi movies where the main character enters a secure facility and gains access by looking into a machine that scans his retina. In the movies it is a foolproof method of identification that can't be forged. But unfortunately for us, this isn't the movies.
The problem is that of authentication. Meaning, "how do you prove to somebody else that you are who you say you are?" The typical solution to this problem is using a username and password system. We're all familiar with it, and it has some obvious flaws.
1) Passwords can be guessed.
2) Almost everybody uses the same password for every account they have.
3) Humans are only capable of remembering short passwords that are vulnerable to cracking techniques.
So we say: "Boy, wouldn't it be great to get rid of these passwords? What can we use to identify ourselves by? Hmmm... I know! Fingerprints and retinas!" Now you don't have passwords anymore right? Wrong.
Biometrics are nothing more than passwords that you can never change.
A biometric scanner reads your fingerprint and stores it to a computer as a series of 0's and 1's. That series is your fingerprint, and is no different than a password. Only this one you can't ever change if it gets stolen!
Never, ever use biometrics as an actual method of secure login. It is far safer to just use a long and complex password.
If the US adopted a policy of National Biometric Identification, identity theft would absolutely skyrocket.
PS: I sure hope this doesn't double thread-post... the boards are acting up right now...
Biometrics and why they're terrible:
We've all seen cool sci-fi movies where the main character enters a secure facility and gains access by looking into a machine that scans his retina. In the movies it is a foolproof method of identification that can't be forged. But unfortunately for us, this isn't the movies.
The problem is that of authentication. Meaning, "how do you prove to somebody else that you are who you say you are?" The typical solution to this problem is using a username and password system. We're all familiar with it, and it has some obvious flaws.
1) Passwords can be guessed.
2) Almost everybody uses the same password for every account they have.
3) Humans are only capable of remembering short passwords that are vulnerable to cracking techniques.
So we say: "Boy, wouldn't it be great to get rid of these passwords? What can we use to identify ourselves by? Hmmm... I know! Fingerprints and retinas!" Now you don't have passwords anymore right? Wrong.
Biometrics are nothing more than passwords that you can never change.
A biometric scanner reads your fingerprint and stores it to a computer as a series of 0's and 1's. That series is your fingerprint, and is no different than a password. Only this one you can't ever change if it gets stolen!
Never, ever use biometrics as an actual method of secure login. It is far safer to just use a long and complex password.
If the US adopted a policy of National Biometric Identification, identity theft would absolutely skyrocket.
PS: I sure hope this doesn't double thread-post... the boards are acting up right now...