There's no doubt about it: It's the myth of fingerprints. I've seen them all and man they're all the same.



Ever since the watermelon.

Oh, the humanity! (Another German gas bag goes down in flames.)

Biometrics are teh suck. Unlike passwords, you can't change your fingerprint, iris patterns or anything else. Just stay 733t.

Hopefully this is another nail in the coffin for national ID cards and the like.

The Numbers: Hopefully this is another nail in the coffin for national ID cards and the like.

Don't be so silly rational

Yeah, no shiat. Biometrics are just dandy until they are digitized and, lo and behold, they are another set of easily copyable, easily misplaced data!
Wrote a research report on this last year. Dumbass politicians and their whiz-bang tech solutions. Here's an idea: don't allow secure information to get loose.

the Chaos Computer Club printed the image on a plastic foil that leaves fingerprints when it is pressed against biometric readers.

That's farking awesome!

Phil McKraken: Biometrics are teh suck. Unlike passwords, you can't change your fingerprint, iris patterns or anything else. Just stay 733t.

Which is why multimodal biometrics are the solution. Use two or more biometrics combined. Good luck faking a combined retina/iris scan which tests to make sure there's blood moving the vessels, or a combined fingerprint/face recognition scan.

roofmonkey: Yeah, no shiat. Biometrics are just dandy until they are digitized and, lo and behold, they are another set of easily copyable, easily misplaced data!
Wrote a research report on this last year. Dumbass politicians and their whiz-bang tech solutions. Here's an idea: don't allow secure information to get loose.

What did your research uncover? I've helped designed biometric systems, and what is being digitized has no value outside of the biometric system. There's no way to reverse engineer the data to form a fingerprint, face, or the like, unless you have complete access to the system. Fingerprints, faces, etc. are not stored; a set of values identifying "interesting" points of the biometric are stored, and later compared when a subsequent scan is done.

Frank Anthrax: Which is why multimodal biometrics are the solution. Use two or more biometrics combined.

Exactly, you need multiple forms of verification to have the greatest effect.

undflickertail: Frank Anthrax: Which is why multimodal biometrics are the solution. Use two or more biometrics combined.

Exactly, you need multiple forms of verification to have the greatest effect.

Or something like a fingerprint scanner AND a password.

//something you have and something you know

Good luck with those biometrics...



/not obscure

undflickertail: Frank Anthrax: Which is why multimodal biometrics are the solution. Use two or more biometrics combined.

Exactly, you need multiple forms of verification to have the greatest effect.

Or a newer biometric that can't be replicated with a little rubber swath? I mean, they have one now that reads the veins in your finger. Something that can't be lifted off a drinking glass, eh?

dg41: undflickertail: Frank Anthrax: Which is why multimodal biometrics are the solution. Use two or more biometrics combined.

Exactly, you need multiple forms of verification to have the greatest effect.

Or something like a fingerprint scanner AND a password.

//something you have and something you know

True, but that removes a nice advantage of biometrics: you don't need to remember a biometric, nor do you need to constantly change it to ensure that it is secure.

Alleyoop: Good luck with those biometrics...



/not obscure

Yeah, I do- TEDDY BEAR. Another reason to regularly change your passwords.

Alleyoop: Good luck with those biometrics...

See my earlier comment about retinal and/or iris scans that test for moving blood.

Frank Anthrax: Alleyoop: Good luck with those biometrics...

See my earlier comment about retinal and/or iris scans that test for moving blood.

That's dope that someone watched Demolition Man and had a valuable idea.

Kohl: Or a newer biometric that can't be replicated with a little rubber swath? I mean, they have one now that reads the veins in your finger. Something that can't be lifted off a drinking glass, eh?

Sure, but the more complex, the more costly. It is extremely hard to spoof two biometrics combined. If both are proven technologies, it's not too costly to combine them.

I do like stuff that checks for life, though (see above).

Kohl: That's dope that someone watched Demolition Man and had a valuable idea.

Thank goodness toilet paper manufacturers didn't get any bright ideas.

The human factor can lay waste to the best most advanced security.

Frank Anthrax: I do like stuff that checks for life, though (see above).

So just make certain they are still breathing when you get to the safe/door, check.

/Let them bleed out afterward

Frank Anthrax: See my earlier comment about retinal and/or iris scans that test for moving blood.

OK, then...

Step 2: Squeeze eyeball during scan to simulate heartbeat

My father said something to me decades ago which was one of the truest things I've ever heard:

"Locks are for honest people."

Alleyoop: Frank Anthrax: See my earlier comment about retinal and/or iris scans that test for moving blood.

OK, then...

Step 2: Squeeze eyeball during scan to simulate heartbeat

First, the test for moving blood is done not so much in contemplation of the severed eye, but of the fake rubber eye (which has been made to great accuracy). Second, I don't believe that would work. You'd be moving it, and if it's not still, you won't get a good scan. Probably wouldn't work for a variety of other reasons.

FTFA: "A hacker club has published what it says is the fingerprint of Wolfgang Schauble, Germany's interior minister and a staunch supporter of the collection of citizens' unique physical characteristics as a means of preventing terrorism."

i saw this somewhere else on the net earlier with instructions as to how to "biometrically 'become'" him i.e. use the finger print as your own.

/bet Kimbra's fingerprints are sexy - and blue!

Frank Anthrax: roofmonkey: Yeah, no shiat. Biometrics are just dandy until they are digitized and, lo and behold, they are another set of easily copyable, easily misplaced data!
Wrote a research report on this last year. Dumbass politicians and their whiz-bang tech solutions. Here's an idea: don't allow secure information to get loose.

What did your research uncover? I've helped designed biometric systems, and what is being digitized has no value outside of the biometric system. There's no way to reverse engineer the data to form a fingerprint, face, or the like, unless you have complete access to the system. Fingerprints, faces, etc. are not stored; a set of values identifying "interesting" points of the biometric are stored, and later compared when a subsequent scan is done.

True, the sytems themselves can be isolated and the "points of interest" you refer to can be kept somewhat secret. The main issues we identified included the tendency of habitual users to opt for more "false positive" bias (as mentioned above) because of impatience, delays, routine etc. Basically, there is always a trade-off between the security of the system and it's usability (no surprise there).
Probably the best fingerprint tech we found was the multi-modal approach you referred to, detecting blood flow in fingertips, skin conductivity etc. in addition to regular print topography. One thing that became apparent is that ANY security technology can be, and usually is, hacked much faster than it takes to develop. This "problem" is not likely to go away anytime soon, as hacker culture is deeply intertwined with technology/Internet development.
The single biggest problem we identified was technophobic types who wield a great deal of decision-making influence (career politicians, religious leaders, business executives) yet have nearly no understanding of the issues surrounding technology. They are the most likely to push for "whiz-bang" tech solutions that are obsolete or immediately compromised upon implementation. The article succinctly demonstrates this idea, that even if a good technical solution is invented it will often be implemented poorly, or there will be user error (or intentional misuse), or hackers will hack it, or the crypto will be unintentionally weak, or whatever. Something will happen, then the data is everywhere.

Alleyoop: Good luck with those biometrics...

/not obscure

That was an old Stallone movie, right? Westley Snipes plays a nutcase that froze himself, so the cop that's been chasing him his entire life does so as well? Jesus, it sounds like Austin Powers.

Demolition man, wasn't it?

Never underestimate thieves and hackers.
/Double secure biometrics just means more hostage situations
//Any security is bipassable if you want it bad enough.

I do so love the thumb-print scanner locks on the doors to one of my client's data center. The whole room is walled with drywall and aluminum studding.

Take about 3 minutes to kick your way thru.

kregh99: The human factor can lay waste to the best most advanced security.

Social Engineering

roofmonkey: stuff

Agreed. And as many people are quick to point out here, any security measure can be bypassed. However, I don't think that's an argument for not having it. If someone truly wants to do something, and it can be done, they will do it. Break security, steal your stuff, blow up a plane, whatever. But we should make it harder for them to do so (if done correctly and not in a way to appease the masses).

Would you feel safe if locks were suddenly outlawed? (Not speaking directly to you roofmonkey, just asking the question in general.)

Biometrics are not a form of security. They are a form of access control.

Similar to how your ATM card gains you access to the bank computer, but your PIN is what keeps your account locked until authorized.

When it takes a half-dozen scans, each with numerous safeguards to check against fakes to make something almost as secure as a secret four-digit code you've got a problem. Yet we've got nitwits in charge who want to tie your entire life history to a farkin' thumbprint? Not to mention that four-digit code can be CHANGED at any time should there be suspicion of it being lost or stolen.

Christ, even your super-advanced science-fiction jobs have security added on top of it. That retinal scan with voice print is accompanied by a secured code. Yeah, that super secret code it's usually spoken outloud infront of a dozen people, but it's still there!

roofmonkey: Fingerprints, faces, etc. are not stored; a set of values identifying "interesting" points of the biometric are stored, and later compared when a subsequent scan is done.

Right.

Until someone steals the data stream, you know, the part between the reader and the rest of the system.

Hehe, that reminds me, the last time I was actually in a bank, I heard a woman yell "Margo1983" across the room to some guy who was quite obviously thier IT staff.

Frickin brilliant. Glad it wasn't my bank.

/Peoples is stupid.

Frank Anthrax: more stuff

Nah, locks are well understood by people so there's less of a chance for people to wildly misapply them.

Main concern was the potential for abuse of biometric data by government/corporate types. If history is any indication, the technology and information will be "lost", and will be misused, and it will be used as another political tool to keep "undesirables" in their place.

LeftCoast_eh: Right.

Until someone steals the data stream, you know, the part between the reader and the rest of the system.

And?

I seem to remember saying something about doing something EXACTLY like this years ago.

roofmonkey: Frank Anthrax: more stuff

Nah, locks are well understood by people so there's less of a chance for people to wildly misapply them.

Main concern was the potential for abuse of biometric data by government/corporate types. If history is any indication, the technology and information will be "lost", and will be misused, and it will be used as another political tool to keep "undesirables" in their place.

Understood. I think those concerns tend to be overblown, especially in light of how biometric data is stored so as to not provide any identifying characteristics by the data alone. I also think the benefits of technologies that have had such potential have far outweighed their misuses in the past, and I see no reason to think the future will be any different.

That's not to say, though, that I'm not concerned with such misuse. To close the door on certain technologies without fully investigating both the advantages and disadvantages and balancing them against one another is a mistake.

I guess he'll have to get a new one now.

Frank Anthrax: retina/iris scan

Sure, and what are the effects of having a laser probing your retina 20 times a day for 20 years? I'll stick with a password and carpal tunnel syndrome rather than going blind, thank you.

Someone post the pic of Will Smith getting his fingerprints burnt off in the original Men in Black. My google failed me.

Frank Anthrax: roofmonkey: Frank Anthrax: more stuff

I have lost a lot of faith in technological solutions to non-technological problems, such as security. I doubt that the door will be closed on biometrics anytime soon, since fingerprinting has proven to be so useful for so long.
I agree that fears of abuse are sometimes more harmful than any actual abuse, but I REALLY do not like the trend in government/business toward "no privacy". Without Godwinning this thread, the phrase "it is inevitable and desirable" is a major red flag that something farked up is going on and should probably be stopped, or at least critically questioned and examined.

/not a libertarian
/still don't trust the gubmint

unintentional italics. whoops.

No Bunday?

syrynxx: Frank Anthrax: retina/iris scan

Sure, and what are the effects of having a laser probing your retina 20 times a day for 20 years? I'll stick with a password and carpal tunnel syndrome rather than going blind, thank you.

I imagine pretty harmful, but since neither scan uses lasers, and since it wouldn't be done 20 times a day (it's not meant as a replacement to, say, typing a password on a locked computer, but more for access to secure areas) and the technology would change after 20 years, I'm not worried.

If you're worried about the low-energy IR light used in such scans, you should never step outside again.

Oh, and iris recognition is done essentially with a photograph.

I need a new name: Demolition man, wasn't it?

Yeah, I actually got the image from HERE (someone who has way too much time on their hands).

unless you have complete access to the system. which the cops have. And cops can be corrupt. Therefore the information will get out.

Je5tEr
I do so love the thumb-print scanner locks on the doors to one of my client's data center. The whole room is walled with drywall and aluminum studding.

Take about 3 minutes to kick your way thru.


You must love this scene (how to defeat an electronic keypad) from the movie "Sneakers"..

Dubya's_Coke_Dealer: which the cops have. And cops can be corrupt. Therefore the information will get out.

You know what, I misspoke. Even that wouldn't get you much. Like I said, only "interesting" points are stored. It would be impossible to reconstruct a complete fingerprint, iris, or retina from anything available on the system.

Also, by access to the system, I meant the code as well. Can't do anything without the algorithm.