Linux and Biometrics?
OctaneZ asks: "While this topic has been brought up Twice Before, once in May 1999 and again in October 2000, yet another year has gone by with very little discussion, at least that I have seen in the field of UNIX and biometric security. There are now projects like the BioAPI Consortium. But very little has actually come of it. Is anyone out there using biometrics for UNIX security? Or security period? Any advice on implementations? Anyone with experience, give us the heads up: What works and what doesn't?"
solution - program in multiple metrics, like multiple fingers from each hand, both retinas, etc. Granted, someone can still have a freak accident and lose access, but the types of systems that require that type of authentication generally have multiple administrators. But what if they're all out to lunch and something happens to them? Then have someone from off-site in case of such a scenario. Doesn't even have to be an employee of that company, could be a local priest if all you need is a backup metric for someone to use. Chances of something happening to everyone are incredibly small at this point.
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
Having considered some biometric login applications in the past (yet to implement) I can say that at least in my environment, the driving force behind biometrics is not to make a system more secure but instead to make it easier to use.
Allowing thousands of users to log in with a fingerprint could theoretically make life much easier for the end users as well as front-line client support, especially if a form of single sign-on is implemented alongside the biometrics.
Justin McMichael
That's not a "back door" [in most applications], it's just 'superuser' access.
... Alice has security from her password -- correctly used -- inasmuch as that Mallory can't just waltz into the account. But just because if Alice forgets her password and the superuser changes it to something that Alice now knows [after credential checking and with an audit trail, perhaps], I don't think you can consider that less security. In fact, having that option will prevent Alice from doing silly things -- like writing the uber-important-I-can't-ever-forget-this-password on a sticky note and leaving it on her monitor.
... a "strong" check against one [perhaps in conjunction with producing corroborating credentials] should allow a super-user to modify the user record. Under appropriate controls, this still provides security.
Contrast this to a *nix box
As another comment suggests, a good method around this is the use of multiple biometrics
Security comes from the application of the technology to the problem, and in the context of the system... It may be perfectly acceptable to have superuser access available to those who provide any two sides of the authentication triangle, if they can be trusted to safely deal with all sides [tokens, passwords and biometrics].