
It's never been a good idea. Fingerprint as user identification is the worst kind of password you can come up with. You can't change it periodically; you have to use the same one for every purpose; you leave it lying around in public all the time. Forget biometrics, they're useless.


IMHO, the only biometric authentication that has any potential of ever being secure, is a retinal scan.

The barrier to break would be the "liveness check" - ensuring that you aren't presented with a molded prop, but an actual eye. I'm not sure what the state of the art is with respect to this.

The difference I see between fingerprint and retinal scan is that a fingerprint is readily visible - as this hack proves. I don't think you can capture a reliable retinal scan unless you get within centimeters of someone's eyeball with a scanner.

Additionally, since we're essentially talking about a specialized camera, the system could combine gait recognition (distance), face recognition (mid-distance) and finally retinal recognition (face on scanner). Beat that.

As always, authentication is just about authentication - you are who you "say you are". It has nothing to do with duress, etc.


> gait recognition (distance)

actor plus doesn't allow for injury to the authentic person.

> face recognition (mid-distance)

photograph or prosthetics + makeup

> retinal recognition

photograph or prosthetic model iris built to beat "aliveness" check

None of these are hypothetical, all have been demonstrated (though perhaps not simultaneously)

To my knowledge the only biometric that hasn't yet been fooled or broken would be a scan of your brain whilst you invoke muscle memory of an action which itself is unknown to anyone but you. I wouldn't wager even that couldn't be scanned and copied in some manner.


My assumption is unbeatable "liveness check" at the retinal scanner[1]. Looking for iris contractions, etc. Can you present a functioning iris with a custom retinal image behind it?

[1] Which kind of makes the rest of the system moot. Also, good point about gait recognition.


> Can you present a functioning iris with a custom retinal image behind it?

It wouldn't need to be a real iris. Extant aliveness checks typically look for: reflections, pupil dynamics (contractions etc), frequency/resolution - these are all designed to look for digital forgeries (image on screen or paper); this leaves them open to a prosthetic model of an eye mimicking those effects (think a very sophisticated mannequin or doll's eye) backed by a generated retinal image.

Ultimately (if you want to talk absolutes) as long as the scanner can't differentiate between the original and a cloned + transplanted eye, it can never be considered unbeatable :)

As convoluted as all these sound, they're conceivably within the grasp of technology. It's worth remembering that many commercial scanners currently deployed don't implement any aliveness checks.


> It wouldn't need to be a real iris. Extant aliveness checks typically look for: reflections, pupil dynamics (contractions etc), frequency/resolution - these are all designed to look for digital forgeries (image on screen or paper); this leaves them open to a prosthetic model of an eye mimicking those effects (think a very sophisticated mannequin or doll's eye) backed by a generated retinal image.

I was asking if you are aware of such a thing existing.


Retinal scans are out, iris scans are in. If I remember correctly, beyond the age of 5 the iris banding pattern remains the same. Retinal scans get tripped up by things like pregnancy and other health issues. I'd never use it for a password though, as there are commercial products that perform iris scans at a distance of several meters on non-cooperative subjects. The first thing I thought of when I saw the product, sort of a virtual turnstile, was Snow Crash and the surreptitious collection of biometric information for eventual sale on the black market.


It is better to think of it like a username than a password. None of my devices support biometrics, but if they did, I would want to have both fingerprint AND password, if that's possible. Does anyone know if any of Apple, Samsung, et al allow that?


"It is better to think of it like a username than a password"

Biometric passports with fingerprint data are common in many EU countries. The fingerprint is used to verify a person's identity, so in a way it's used as both a username and password.

Allowing the state to capture and store something very private to every individual is not without controversy. A few years ago, a German man called Michael Schwarz had his application for a passport rejected when he refused to have his fingerprints taken. He took the matter to the European Court of Justice (ECJ). In October 2013, the ECJ ruled in favour of fingerprinting for passports. The ECJ agreed that fingerprinting was a privacy intrusion but that this was outweighed by the need for security and protection against fraud. Strictly speaking, the fingerprint data should only be held in the passport, not in a central database.

Whether you agree or not with fingerprint capture will probably be influenced by how much you trust the authorities in your country. And of course, many countries collect fingerprints from visitors entering their country.


It's really unfortunate that is the case. I don't mind fingerprints, but they have to be used in combination with something else to be valid. You should be able to challenge another thing to build a valid profile. I don't trust ALL authorities in ALL countries I happen to visit or live in to be both competent with security and malevolent for ALL time. To put all your eggs in the fingerprint basket seems shortsighted.

I trust that if I had enemies that needed my fingerprint for something, they could get it easily. I touch enough objects on a daily basis that the likelihood is extremely high. I mean, someone could simply lift them from my front door, or follow me waiting for me to drop a coffee cup in the trash.


I think Samsung does it with facial recognition on the Galaxy S's lock screen. Should work better and better and you don't need an additional sensor.

EDIT: So does Kinect for Xbox one.


As far as facial recognition on Kinect, I don't mind it as the keeper to my gaming system, but simply having my face unlock my bank account suffers the same problem as a fingerprint. Your face is on so many cameras every single day. A password should be kept private. Additionally, I'm a bald man with glasses, how many others with this description would be able to open my Xbox with their face? It is useful in combination with a password, but should not (and I would argue cannot) replace a password system of some kind.


OP mentioned using biometrics as a username in combination with a password. [1] seems to imply you can add a password or pass code.

[1] http://support.xbox.com/en-US/xbox-360/kinect/auto-sign-in


That still sounds like crap. Has anyone defeated that already with a still picture?


OP mentioned using biometrics as a username in combination with a password. [1] seems to imply you can add a password or pass code on xbox and I think you can do that too on a Galaxy S (?)

[1] http://support.xbox.com/en-US/xbox-360/kinect/auto-sign-in



True. And in my opinion username is useless and should be abandoned. A good password is all you need - say 128-bit high-entropy. It's not going to be duplicated; it's enough to identify you. What's the username hanging around for?


Probability says that it won't be duplicated, but what if it is? You can't say "no, sorry, you can't choose this password" because that leaks information. This is even ignoring adversarial attacks to try and get this or any birthday attacks.

In my thinking about this problem from the IoT space lately, I've been thinking about servers assigning credentials to devices, rather than devices telling you their creds. Assign a UUID and let the device generate their password/key, and the pair gives you a multiplicatively large space.


That's an obsolete notion. You are not going to duplicate a 128-bit high-entropy number. Not in several lifetimes of our sun.

Your notion is interesting. Anything that automates the client-side is good. People are terrible at managing a security contract 'by hand'.

{edit} really, this superstitious notion that random numbers are 'not good enough' is embedded in our programmer culture. Folks continue to use lame solutions instead of just buying into the uuid-as-foolproof-identifier. It totally eliminates whole classes of problems and bugs. And you should be more concerned your computer will be hit by lightning, become self-aware and win the lottery 7 times, and molecularly reorganize into a teacup, before that uuid will be duplicated anywhere/anywhen.


For the record, I'm not the one downvoting you (I don't even have that ability yet!).

Security is always done in layers, though, and while you're correct that it is extremely unlikely, the chance is nonzero. As such you have to prepare for that and design your system to be resilient to these types of things. In castle terms, you trust that no one will ever breach your wall, but that doesn't mean you don't have guards and an armory inside for the unlikely event it does.


No, no, a thousand times no. You do not have to prepare for the astronomically improbable. UUID collision is a myth, and should be treated as such.
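The sub-thread above argues over whether 128-bit random identifiers can collide (the birthday-attack remark and the "UUID collision is a myth" reply). The following is an added worked example, not code from any commenter: it puts numbers on that argument with the standard birthday bound, so a reader can check both how small the per-deployment collision probability is and how many values a system would have to hand out before a collision becomes likely. The only assumption is that the identifiers are drawn independently and uniformly at random.

```python
import math


def collision_probability(bits: int, n: int) -> float:
    """Birthday bound: probability that at least two of n independent,
    uniformly random `bits`-bit values are equal.

    Uses the standard approximation 1 - exp(-n(n-1) / 2^(bits+1)).
    expm1 keeps precision for the tiny probabilities that 128 bits produce,
    where 1 - exp(x) would round straight to 0.0.
    """
    if n < 2:
        return 0.0
    space = 2 ** bits
    exponent = -(n * (n - 1)) / (2 * space)  # big-int division is exact enough
    return -math.expm1(exponent)


def values_for_collision_probability(bits: int, p: float) -> float:
    """Inverse question: how many random `bits`-bit values must be issued
    before the probability of at least one collision reaches p.

    Solves 1 - exp(-n^2 / 2^(bits+1)) = p for n.
    """
    if not 0 < p < 1:
        raise ValueError("p must be strictly between 0 and 1")
    return math.sqrt(2 * (2 ** bits) * math.log(1 / (1 - p)))


if __name__ == "__main__":
    # A 128-bit identifier space (the figure used in the thread) versus a
    # version-4 UUID, which carries only 122 random bits after the version
    # and variant fields are fixed.
    for bits in (128, 122):
        for n in (10 ** 6, 10 ** 9, 10 ** 12):
            print(f"{bits}-bit, {n:>13,} values: "
                  f"P(collision) ~ {collision_probability(bits, n):.3e}")
        print(f"{bits}-bit: 50% collision chance after ~"
              f"{values_for_collision_probability(bits, 0.5):.3e} values")
```

For 128 bits the 50% point lands near 2^64 values, which is the quantitative content behind both "prepare for the nonzero chance" and "astronomically improbable".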


Worst of all, you can't claim to have forgotten it.


This is absolutely false. There is a high cost for copying a fingerprint and it is time consuming to perform, conspicuous and difficult to deploy the copy.

Therefore fingerprints are not a good tool when there is a lot of time for the attack, and the value is very high. However when the attack value is low, and the time available is short, they are currently a useful check.

One day, we will probably have a portable fingerprint cloner that changes the economics of this, but until we do, fingerprints are useful.

Since you dismiss biometrics as 'useless', what alternative would you suggest?


Good passwords


We know that most users can't manage good passwords, and they are ridiculously time consuming to use, so that's a non-starter.




