Slashdot Mirror
The Future of Crime - Biometric Spoofing?
AxisPower9 writes "What we often watch in films and television - circumventing biometric security access - is turning from science-fiction to reality. Bori Toth, biometric research and advisory lead at Deloitte & Touche, warned that biometric spoofing is a growing concern. From the article: 'We are leaving our prints everywhere so the chance of someone lifting them and copying them is real. Currently it's only researchers that are doing spoofing and copying. It's not a mainstream activity--but it will be. Many people are trying to regard biometrics as secret but they aren't. Our faces and irises are visible and our voices are being recorded. Fingerprints and DNA are left everywhere we go and it's been proved that these are real threats.'"
- Something you know (a password, an answer to a question that requires private knowledge, a PIN number),
- Something you have (an RFID card, a secureID token, a bank card)
- Something you are (fingerprint, DNA, retina, brain wave)
Any *one* of these metrics is too easy to bypass. Any system that requires security should use *at least* two of these factors for authentication (eg, banks use a card + a PIN). Being able to just swipe your thumbprint to enter a secure area is bad. Having to swipe it *and* know the password is not as bad - if the thumbprint is compromised, they still need to know the password. If the password is compromised, they still need your thumbprint. Hopefully you will disocver that A is compromized and recitify it before B is compromised as well. If you had used all three types, you would have also had to lsoe your security token - something that should be noticed and replaceable quite quickly.