Linux and Biometrics?

OctaneZ asks: "While this topic has been brought up Twice Before, once in May 1999 and again in October 2000, yet another year has gone by with very little discusion, at least that I have seen in the field of UNIX and biometric scurity. There are now projects like the BioAPI Consortium. But very little has actually come of it. Is anyone out there using biometrics for UNIX security? Or security period? Any advice on implementations? Anyone with experience, give us the heads up: What works and what doesn't?"

Biometrics == bad idea

[polymath69]

Biometrics for security authentication is basically a flawed idea. This is why.

Imagine a biometrically-secure system, where the files you can access are encrypted until you log in by verifying whatever you like (left thumbprint, left retina-print, etc.) Now imagine that you, a user or administrator of this system, lose your key thumb or lose your left eye in a freak pizza accident.

One of two things happens. Either you forever lose all your access to that data and system, or ... someone can edit the authorization protocols and let you back in. That, my friend, is known as a back door. A system that has one can't be considered secure anyway.

And you can't say that you can just go to the administrator to change your authentication. If you own the system, and you lose your eye, you've lost your root password and are forever SOL. Or, as I said, you have another way in, and so the biometric authentication was a sham anyway.

Biometric authentication for computer login authentication is a bad idea. It does have its applications (physical site security, for example) but it's a bad idea to bolt it on over a computer operating system, and expect security to result.