DIY Iris Scanning?
gadzook33 asks: "There have been rumors floating around about DIY iris scanning, using digital cameras for biometric security. Iris scanning presents a fantastic alternative to password-based authentication but hasn't really come to our desktops yet. I've looked around but can't find any concrete material on the subject. Is anyone doing this? Are there any efforts to develop open software for this sort of thing? Are patents holding things up? Given that passwords are an almost defunct technique for protecting data in certain situations, it would be nice to have an alternative."
When I first tried to read this article and got "Nothing for you to see here. Please move along."
The efficiency and effectiveness of passwords are linearly related to your brain's capacity to learn new passwords once in a while, and also strongly related to your intelligence in choosing a proper password. If you have a proper password that's not too old, you're safe.
Too old is related to the strength of the password. In general, you should choose a password for a period of a month or possibly a few months. You then decide how complex it should be to be safe during at least that period, then you choose a password that's within a fair distribution of that class, preferably by explicitly not choosing from another subclass of the passwords that is known to be weaker. If you also calculate in the advances in password cracking, you should be able to work out a decent set to choose from.
Specifically, most system administrators reduce the theory to this: at least 8 characters, of which at least one is a number and at least one is a special character.
This doesn't work in more than one way. First of all, the user doesn't know about any generic spread he or she should be doing and will just pick some word with numbers or characters behind it. That's quite a small subset of the intended target. Users choose such weak passwords because they don't really care about the password or the protection; they just want to get their work done, and the password thing, including the change-your-password thing, is an annoyance you have to live with (from their perspective). If/when their account is hacked (because of the not-too-bright password), they claim somebody hacked it and that they couldn't have helped the secrets in it leaking out. People don't use passwords for security; people use passwords because somebody tells them to use passwords.
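As an added illustration, not part of the thread, here is the keyspace arithmetic behind the comment above: the size of the "at least 8 characters, one digit, one special" class versus the "dictionary word plus digits and a symbol" subclass users actually pick, and whether either class outlasts a rotation period at an assumed guess rate. The dictionary size, alphabet sizes and guess rates are constructed assumptions, not figures from the post.

```python
import math

# Constructed assumptions: printable-ASCII character classes.
LOWER, UPPER, DIGITS, SPECIAL = 26, 26, 10, 32
FULL_ALPHABET = LOWER + UPPER + DIGITS + SPECIAL  # 94 symbols


def policy_keyspace(length=8):
    """Number of strings of the given length that satisfy the admin rule
    'at least one digit and at least one special character', computed by
    inclusion-exclusion over the full alphabet."""
    n = FULL_ALPHABET
    total = n ** length
    no_digit = (n - DIGITS) ** length
    no_special = (n - SPECIAL) ** length
    neither = (n - DIGITS - SPECIAL) ** length
    return total - no_digit - no_special + neither


def word_suffix_keyspace(dictionary_size=50_000, max_digits=2):
    """Size of the subclass the post describes users really choosing:
    a dictionary word, then 1..max_digits digits, then one special char.
    dictionary_size is a constructed assumption."""
    suffixes = sum(DIGITS ** k for k in range(1, max_digits + 1))
    return dictionary_size * suffixes * SPECIAL


def expected_crack_days(keyspace, guesses_per_second):
    """Expected days to hit a uniformly chosen member of the keyspace
    (on average half the space is searched) at an assumed offline rate."""
    return keyspace / 2 / guesses_per_second / 86400


def safe_for_period(keyspace, guesses_per_second, period_days):
    """True if exhausting the entire keyspace takes longer than the
    rotation period, i.e. the password is 'not too old' in the post's sense."""
    return keyspace / guesses_per_second / 86400 > period_days


def bits(keyspace):
    """Keyspace expressed as entropy bits, for comparison."""
    return math.log2(keyspace)


if __name__ == "__main__":
    full, weak = policy_keyspace(), word_suffix_keyspace()
    print(f"policy class: {bits(full):.1f} bits, word+suffix: {bits(weak):.1f} bits")
    for rate in (1e9, 1e10):  # constructed guess rates
        print(rate, safe_for_period(full, rate, 30), safe_for_period(weak, rate, 30))
```

The point the comment makes falls out of the numbers: the policy-conforming class is about 20 million times larger than the word-plus-suffix subclass, so a rule stated in terms of the class says little about the strength of what users actually pick.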