Human Ear Could Be Next Biometric System
narramissic writes "A team of researchers at the University of Southampton, UK, has received funding from the UK's Engineering and Physical Sciences Research Council to learn whether otoacoustic emissions (OAE), the ear-generated sounds that emanate from within the spiral-shaped cochlea in the inner ear, can be used as a viable biometric technology like fingerprints and iris recognition. According to a report in New Scientist, someday instead of asking for passwords or PIN numbers, a call center or bank would simply use a device on their telephone to produce a brief series of clicks in the recipient's ear to confirm the person is who they say they are." Try faking that with gummy bears.
How fucking hard is it?
"My name is Bob, and I would like to access your services."
"Hello Bob, please prove you are Bob."
"Ok, here is my password."
"Thank you Bob, please wait while I check your authorizations. Ok Bob, you now have access."
So fucking simple.
If people can't be bothered to remember passwords, that's their problem.
If people choose shitty passwords, that's their problem.
If people get their shit snooped, sniffed, or keylogged, that's their problem.
We have methods of helping retarded users - such as enforcing decent passwords, requiring passwords to be changed, and requiring additional out-of-band passwords to prevent keyloggers and other snooping bullshit.
Regardless of what added layers you add, the key lies in making sure that the system and the user know something that no one else does.
Last I heard, they were logging our keystrokes via the sound of our typing, the EM radiation, and the noise in our power lines.
Certificate Authorities are just centralized problems waiting to happen.
Public-key / private-key schemes are open to many of the same attacks as a password (a private key is a long password), as well as brute force attacks that can be run out-of-band without anyone being the wiser.
Keep the secret in your head.
Secure the secret on the other end. If you're using a typical password scheme, make sure that you're not using bog standard encryption routines that some bum can crack running JohnTheRipper once he grabs the hashes. When your IT guy gets fired for playing WoW all day, change your encryption routines.
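An added example, not part of the original comment: one way to "secure the secret on the other end" and to change routines later without resetting every account. It contrasts an unsalted fast hash with a salted PBKDF2 record that carries its own parameters; the record format, function names and iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune to your own hardware


def weak_hash(password):
    """Unsalted, fast hash: equal passwords give equal hashes, so one
    dictionary pass covers every stolen record at once."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password, iterations=ITERATIONS):
    """Salted, deliberately slow hash stored as scheme$iterations$salt$digest."""
    salt = os.urandom(16)  # unique per record
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, record):
    """Return (ok, needs_rehash).

    needs_rehash is True when the password is correct but the stored record
    uses the legacy scheme or an outdated work factor; the caller then stores
    hash_password(password) in its place, which is how routines get changed
    without a mass password reset.
    """
    if "$" not in record:  # legacy unsalted MD5 record
        ok = hmac.compare_digest(weak_hash(password), record)
        return ok, ok
    scheme, iters, salt_hex, dk_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        return False, False
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    ok = hmac.compare_digest(dk, bytes.fromhex(dk_hex))  # constant-time compare
    return ok, ok and int(iters) < ITERATIONS


if __name__ == "__main__":
    legacy = weak_hash("hunter2")  # constructed sample password
    print(verify_password("hunter2", legacy))   # legacy record, flagged for upgrade
    upgraded = hash_password("hunter2")
    print(verify_password("hunter2", upgraded))
```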