Face To Face With the 'Human Barcode'

← Back to Stories (view on slashdot.org)

Face To Face With the 'Human Barcode'

Posted by timothy on Friday July 27, 2012 @01:26AM from the back-to-back-sacroiliac dept.

silentbrad writes with this excerpt from the Financial Post: "Fast-evolving biometric technologies are promising to deliver the most convenient, secure connection possible between you and your bank account — using your body itself in place of all of those wallets and purses stuffed with cash, change and plastic cards. Biometrics is the science of humans' physiological or behaviourial characteristics and it's being used to develop technology that recognizes and matches unique patterns in human fingerprints, faces and eyes and even sweat glands and buttock pressure. Its applications in the financial realm are a potentially huge time and effort saver, but that's just a beginning for the technology's usefulness. ... [BIOPTid Inc.]'s One Touch cube, set to be on the market within a year, is an external device that users can hook up to their computers and mobile electronics to replace passwords for Internet logins and banking. The cube reads a personal sweat gland barcode to verify identity from the moisture on a user's fingertip. ... 'Biometrics is something that's used by governments, it's used by "Big Brother" to keep an eye on us and we want to change that,' says [BIOPTid chief Scott McNulty] 'We think biometrics is something that can be actually used by the people and it becomes their technology that they use to protect themselves.'"

111 comments

Min score:

Reason:

Sort:

but you can change a password by Anonymous Coward · 2012-07-27 01:30 · Score: 5, Insightful

Once a biometric has been compromised (e.g., someone obtains a copy of your fingerprints), you're stuffed.
1. Re:but you can change a password by Jeremiah+Cornelius · 2012-07-27 01:54 · Score: 1
  
  PLEASE! Buy our device! It's even on Slashdot, you cook geeks!
  
  --
  "Flyin' in just a sweet place,
  Never been known to fail..."
2. Re:but you can change a password by gweihir · 2012-07-27 02:00 · Score: 2
  
  Not totally. If the biometric fingerprint is verified under controlled conditions (i.e. a competent person supervising it), it remains useful after compromise. That does only apply to the big-brother scenario though. But even then, this has very high verification cost and negates the claimed advantages.
  Otherwise: Biometrics is snake-oil. Without the usual human greed (paired stupidity on customer side), nobody would even be talking about it anymore, as it is completely unsuitable to lower costs as unsupervised verification is insecure because of the theft problem. It has sort-of a "SciFi" feeling to it, but that is the sum of its real advantages.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
3. Re:but you can change a password by Joce640k · 2012-07-27 02:11 · Score: 1
  
  Not totally. If the biometric fingerprint is verified under controlled conditions (i.e. a competent person supervising it).
  Snork. I just blew coffee out of my nose (luckily I use a Model M and it survived...)
  PS: What about people who don't have fingerprints? Pretty much anybody who does manual work will have very little fingerprint on their fingers.
  
  --
  No sig today...
4. Re:but you can change a password by nschubach · 2012-07-27 02:11 · Score: 1
  
  you cook geeks!
  As long as the instructions are on the side of the box...
  
  --
  Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
5. Re:but you can change a password by Anonymous Coward · 2012-07-27 02:31 · Score: 1
  
  There is no such thing as "controlled" conditions. Since the whole point of a security system is, that you don't need a human to check.
  If you need a human, you can just leave away the system in the first place.
  The whole point of a password, is that only you know it!
  But with biometrics, everyone can find them out, if he wants.
  And every time some retard presents such a device, somebody makes a laughing stock out of him, by making a copy of his biometrics, and doing funny stuff with it.
  Then, the inventor can't even change his "password" and the news quickly die off.
  Until the next retard comes along.
  It can, by definition never be secure. Just as DRM. Because everybody you want to keep the secret from, has free access to the secret. (In the DRM case, even has to have free access, for it to work at all.)
6. Re:but you can change a password by hoggoth · 2012-07-27 02:32 · Score: 1
  
  Our research shows that people who do manual work are not relevant to the demographic we are targeting. Let them eat cake.
  
  --
  - For the complete works of Shakespeare: cat /dev/random (may take some time)
7. Re:but you can change a password by boristdog · 2012-07-27 02:32 · Score: 1
  
  And getting that fingerprint-lock locker open after an hour in the hot tub at the gym is damn near impossible.
8. Re:but you can change a password by jbmartin6 · 2012-07-27 02:42 · Score: 1
  
  No fingerprints is also common among medical workers who are constantly scrubbing their hands.
  
  --
  This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
9. Re:but you can change a password by Dishevel · 2012-07-27 03:20 · Score: 2
  
  Geeks do not follow the instructions on the side of the box.
  They research it on Google then watch a youtube video on how to hack the hamburger helper and customize it for hardcore vegans or how make it code monkey friendly. Then they put their own twist on it and upload the video of their "Hamburger Helper Hack" to youtube and post about it on their blog.
  
  --
  Why is it so hard to only have politicians for a few years, then have them go away?
10. Re:but you can change a password by silentbrad · 2012-07-27 03:40 · Score: 1
  
  According to the article, this particular one reads the sweat glands on the fingertip: "In addition to the metaphorical connotation, he trademarked his technology as “the human barcode” because the sweat-gland patterns create a numerical reading like a computerized barcode." There's also a Japanese one in the article that reads body pressure, "technology dubbed 'butt biometrics' by some tech press following its introduction last year." And one other that can recognize a face based on partial images like "a criminal wearing a balaclava".
11. Re:but you can change a password by sociocapitalist · 2012-07-27 04:07 · Score: 1
  
  Once a biometric has been compromised (e.g., someone obtains a copy of your fingerprints), you're stuffed.
  Especially if the metric used is "buttock pressure"...
  
  --
  blindly antisocialist = antisocial
12. Re:but you can change a password by Marillion · 2012-07-27 05:26 · Score: 2
  
  There's that. There other issue is that every biometric system requires the computer to make a judgment call. A facial recognition system has to guess it's you within a [insert-threshold-here] degree of confidence. That confidence level will never be 100%. A password and physical tokens are the only mechanisms that inherently have absolute yes/no thresholds. Before you start challenging this, I'm not considering the "spoofability" of any of these methods. Of course, physical tokens can be stollen or lost, passwords can be shoulder surfed or guessed. Biometrics have been repeatedly demonstrated to be quite spoofable.
  
  --
  This is a boring sig
13. Re:but you can change a password by Immerman · 2012-07-27 06:40 · Score: 2
  
  It depends on the security system - in a highly secure environment where guards or even just an alert receptionist is justified, biometrics do in fact offer a significant additional layer of security. It's only when used on their own that they fail spectacularly.
  
  --
  --- Most topics have many sides worth arguing, allow me to take one opposite you.
14. Re:but you can change a password by motorhead · 2012-07-27 06:53 · Score: 0
  
  Ha - you said "buttock"
  
  --
  Employee Of the Month - Cyberdyne Systems Corporation - September 1997
15. Re:but you can change a password by gweihir · 2012-07-27 14:44 · Score: 1
  
  Exactly.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
"Protect themselves?" by hotdiggity · 2012-07-27 01:33 · Score: 5, Insightful

“Biometrics is something that’s used by governments, it’s used by ‘Big Brother’ to keep an eye on us and we want to change that,” says Mr. McNulty. “We think biometrics is something that can be actually used by the people and it becomes their technology that they use to protect themselves.”
...
The best way for me to protect myself with biometrics...is to keep the details of my biometrics out of any government or private company's database, thank you very much.
1. Re:"Protect themselves?" by XxtraLarGe · 2012-07-27 02:07 · Score: 1
  
  The best way for me to protect myself with biometrics...is to keep the details of my biometrics out of any government or private company's database, thank you very much.
  Too late. Either they already have it, or they can get it without your knowing they got it.
  
  --
  Taking guns away from the 99% gives the 1% 100% of the power.
2. Re:"Protect themselves?" by Anonymous Coward · 2012-07-27 02:34 · Score: 0
  
  You got it.
3. Re:"Protect themselves?" by Anonymous Coward · 2012-07-27 04:10 · Score: 0
  
  The industry goal, and mainly in banking and money transaction, is to make YOU responsible 100% of what happen with your money THEY supposedly keep safe... The more complex the authentication process (2 level id, long password, now biometric), the more complex it is for YOU to prove you got stolen and so they don't pay you back in case of fraud. With fingerprint, yes you hack the USB bus or make a gummy print of your finger, which in the second case will require your collaboration (unless you're at GuatMo). For now, insurance in banking industry still cheaper than developing complex security with biometric because they charge you for it anyway :), so we are at peace. Some ATM are working as beta with Iris in Emirates for some years, and never got wild because it's still quite lame in mass authentication (to many issue in the reading)... When you reject 0,0001% of transactions, that make millions of unhappy costumer worldwide!
Brain-damaged by Anonymous Coward · 2012-07-27 01:33 · Score: 3, Interesting

Let's see. Easy to fake. Impossible to revoke. Ripe for abuse. No duress password. How is this going to protect anybody or anything? At some point, convenience trumping everything else is going to lead to a lot of INconvenient situations.
1. Re:Brain-damaged by 19thNervousBreakdown · 2012-07-27 01:41 · Score: 1
 
 Not to worry!
 
 "We think we'll be the only technology that's 'spoof-proof,'" says Scott McNulty, president and chief executive of BIOPTid Inc.
 
 --
 <xml><am><so><damn>Web 2.0</damn></so></am></xml>
2. Re:Brain-damaged by Jeremiah+Cornelius · 2012-07-27 01:57 · Score: 1
 Easy to fake.
 Impossible to revoke.
 Ripe for abuse.
 No duress password....
 PROFIT!
 --
 "Flyin' in just a sweet place,
 Never been known to fail..."
3. Re:Brain-damaged by gweihir · 2012-07-27 02:02 · Score: 2
 
 No way in hell. And I just had some other company representative claim the same thing here a few weeks ago. After careful examination, this claim turned out to be bogus, but it looked good on the surface. I almost felt sorry for the guy, making such claims in front of an audience of skeptic security experts is not a path to happiness.
 
 --
 Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
4. Re:Brain-damaged by Joce640k · 2012-07-27 02:17 · Score: 3, Insightful
 
 Let's see. Easy to fake. Impossible to revoke. Ripe for abuse. No duress password. How is this going to protect anybody or anything? At some point, convenience trumping everything else is going to lead to a lot of INconvenient situations.
 You forgot one: We leave copies of them behind us wherever we go (DNA, fingerprints...).
 
 --
 No sig today...
5. Re:Brain-damaged by arth1 · 2012-07-27 02:24 · Score: 2
 
 Let's see. Easy to fake. Impossible to revoke. Ripe for abuse. No duress password.
 And not static either - there are examples of people's fingerprints or retina pattern changing, and medical conditions can occur that makes taking samples impossible. Even DNA isn't necessarily good enough, as identical twins and other clones may share the DNA, while someone having received genetic treatment might not.
 So there has to be a backup way to authenticate, in which case the backup way can be more useful to use in the first place.
6. Re:Brain-damaged by 19thNervousBreakdown · 2012-07-27 02:26 · Score: 3, Insightful
 
 Almost though, right? Because honestly, it's an insane claim. Your sensors are measuring an image, we can make very convincing images. Make your sensor fancy, have it measure heat. We can generate heat to incredibly precise degrees faster than you can blink. Heartbeat, capacitance, translucency, these are all child's play once we know what you're looking at. Since your sensors are almost surely of lower resolution than we're capable of reproducing, the key is the algorithm.
 Now this? Sweat glands? We can make Blu-Rays, but you don't think we can spoof a sweat gland to the precision that you're measuring it? Please.
 My ears will perk up in interest if or when a biometrics company claims that they're measuring an effect we're unable to reproduce. Create a biometric system that authenticates based on the subjective experience of consciousness. Now that's biometrics.
 
 --
 <xml><am><so><damn>Web 2.0</damn></so></am></xml>
7. Re:Brain-damaged by hoggoth · 2012-07-27 02:34 · Score: 2
 
 Its called the Turing Test.
 You are in the desert, you see a tortoise lying on his back in the hot sun. You recognize his plight but do nothing to help. Why?
 
 --
 - For the complete works of Shakespeare: cat /dev/random (may take some time)
8. Re:Brain-damaged by azalin · 2012-07-27 02:35 · Score: 1
 
 Even easier: Just record the reading and bypass the sensors directly. Biometrics is ok as PART of a security system under supervised conditions. But as a standalone unsupervised solution it sucks and is easy to cheat.
9. Re:Brain-damaged by 19thNervousBreakdown · 2012-07-27 02:49 · Score: 1
 
 Now we're getting somewhere! Now, this test only works if administered by a human, which runs counter to the purpose of having a device, and the specific question will only authenticate that the subject is human, not a specific human, but hey, it's a start.
 It's a tricky question though. What is a part of a human, unique for every individual, that we can reliably read often enough that it can be error-corrected, fast enough to be practical, by a device that is cheap enough to be worth the cost of the security it provides, that we can't reproduce?
 
 --
 <xml><am><so><damn>Web 2.0</damn></so></am></xml>
10. Re:Brain-damaged by dkleinsc · 2012-07-27 02:54 · Score: 1
 
 You are in the desert, you see a tortoise lying on his back in the hot sun. You recognize his plight but do nothing to help. Why?
 1. Tortoises and turtles can bite.
 2. Tortoises are generally quite capable of recovering from being flipped on their back. Natural selection and all that.
 
 --
 I am officially gone from /. Long live http://www.soylentnews.com/
11. Re:Brain-damaged by 19thNervousBreakdown · 2012-07-27 02:55 · Score: 1
 
 If you can read the sensor's output, and inject your own input, you can defeat any system. A keyboard is a sensor too, and just as vulnerable to what you've described.
 There are ways to protect against that when it's warranted, but I don't think it has anything to do with biometric systems in particular. If we're going to debate the relative worth of authentication systems, we need to first assume that the system's communication with its host is secure, or they're all exactly the same--worthless.
 
 --
 <xml><am><so><damn>Web 2.0</damn></so></am></xml>
12. Re:Brain-damaged by Anonymous Coward · 2012-07-27 03:35 · Score: 1
 
 Its called the Turing Test.
 You are in the desert, you see a tortoise lying on his back in the hot sun. You recognize his plight but do nothing to help. Why?
 Tell me about your mother...
13. Re:Brain-damaged by Immerman · 2012-07-27 06:52 · Score: 1
 
 Me, I'd flip the tortoise.
 1) It's usually quite simple to flip a tortoise while keeping your fingers safe, that shell severely restricts it's range of motion.
 2) Sure, but just like when you're trying to wrestle a sofa up a flight of stairs, a little help from a random passerby is likely to be appreciated. Then again I've met plenty of folks that wouldn't consider engaging in a random act of kindness even for other humans.
 
 --
 --- Most topics have many sides worth arguing, allow me to take one opposite you.
14. Re:Brain-damaged by Carnildo · 2012-07-27 08:51 · Score: 2
 
 If you can read the sensor's output, and inject your own input, you can defeat any system. A keyboard is a sensor too, and just as vulnerable to what you've described.
 Biometrics are more vulnerable to this than passwords are, in two ways:
 1) You can enter a password into a remote terminal and have it be verified against a central database without ever transmitting the password in either direction (see challenge-based authentication protocols). You can't do this with biometrics: verification consists of comparing the measure against the database entry and determining that the two match to within the desired degree of precision, and this requires transmitting the measured values to the database.
 2) The average user does not leave their password on every surface they touch. In order to inject a password into a compromised reader, the attacker needs to record it from a compromised reader. Biometrics can be obtained through any number of methods that don't involve a compromised reader.
 
 --
 "They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
15. Re:Brain-damaged by 19thNervousBreakdown · 2012-07-27 09:46 · Score: 1
 
 Biometrics are more vulnerable to this than passwords are, in two ways:
 1) You can enter a password into a remote terminal and have it be verified against a central database without ever transmitting the password in either direction (see challenge-based authentication protocols). You can't do this with biometrics: verification consists of comparing the measure against the database entry and determining that the two match to within the desired degree of precision, and this requires transmitting the measured values to the database.
 You have a fundamental misunderstanding here. Sending a hash for near-matching in the way you describe is absolutely possible. See MusicBrainz for an off-the-top-of-my-head example, but a fuzzy hash is a very basic thing, and already done all over the place.
 
 2) The average user does not leave their password on every surface they touch. In order to inject a password into a compromised reader, the attacker needs to record it from a compromised reader. Biometrics can be obtained through any number of methods that don't involve a compromised reader.
 Strawman. While correct, you're disputing something that I was not trying to argue, and I certainly wasn't trying to argue that fingerprint scanners are secure in anyway. A review of the post you replied to will show that it wasn't even implied, so if you read that, that's on you. What I was trying to argue is that the wire is irrelevant to the security of biometrics versus the security of any other system that also must have a wire.
 
 --
 <xml><am><so><damn>Web 2.0</damn></so></am></xml>
Place bunghole on reader by HangingChad · 2012-07-27 01:33 · Score: 1, Interesting

human fingerprints, faces and eyes and even sweat glands and buttock pressure.
A fellow programmer and I used to joke about developing a bunghole scanner for identification. Not so funny now, is it?

--
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
1. Re:Place bunghole on reader by Anonymous Coward · 2012-07-27 01:39 · Score: 0
  
  As long as it's only a scanner and not a probe.
2. Re:Place bunghole on reader by Anonymous Coward · 2012-07-27 01:54 · Score: 0
  
  Most Mac users would be fine with a probe.
3. Re:Place bunghole on reader by Anonymous Coward · 2012-07-27 02:03 · Score: 0
  
  Watch out for that proprietary connector, it's a little .. wider .. than a standard connector.
4. Re:Place bunghole on reader by gweihir · 2012-07-27 02:04 · Score: 2
  
  Then, if you get a Hemorrhoid, figurative PITA will be added to the literal one because you cannot log-on anywhere anymore.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
5. Re:Place bunghole on reader by CanHasDIY · 2012-07-27 02:20 · Score: 1
  
  Watch out for that proprietary connector, it's a little .. wider .. than a standard connector.
  No worries, it has rounded corners.
  
  --
  An enigma, wrapped in a riddle, shrouded in bacon and cheese
6. Re:Place bunghole on reader by azalin · 2012-07-27 02:42 · Score: 1
  
  I'm afraid round corners are patented by the fruit. But there is another proven design by a certain Vlad Tepes who's original copyright has already expired.
7. Re:Place bunghole on reader by azalin · 2012-07-27 02:43 · Score: 1
  
  Wasn't there a south park episode about a certain high speed mono-wheel bike?
8. Re:Place bunghole on reader by Agent0013 · 2012-07-27 02:49 · Score: 1
  
  human fingerprints, faces and eyes and even sweat glands and buttock pressure.
  A fellow programmer and I used to joke about developing a bunghole scanner for identification. Not so funny now, is it?
  That's nothing! When I first looked at the above quote I read it as "human fingerprints, feces and eyes". Now that would be an interesting bio metric scanner.
  
  --
  
  -- ssoorrrryy,, dduupplleexx sswwiittcchh oonn.. -Quote found on actual fortune cookie.
9. Re:Place bunghole on reader by s.petry · 2012-07-27 04:52 · Score: 1
  
  Probes should only be used for diagnosing medical issues (see Idiocracy for the reference)
  
  --
  -The wise argue that there are few absolutes, the fool argues that there are no probabilities.
10. Re:Place bunghole on reader by Immerman · 2012-07-27 07:00 · Score: 1
  
  Nope - all corners, no rounding, and now approved as the primary authentication method for all official government interactions.
  And people still welcomed the change until they realized that it didn't actually reduce the existing B.S. they had to go through.
  
  --
  --- Most topics have many sides worth arguing, allow me to take one opposite you.
Failure? by theJML · 2012-07-27 01:35 · Score: 4, Interesting

We have fingerprint readers here. Sometimes, they don't recognize my finger. It's still my finger, but there's nothing i can do to convince it it's me, so I'm stuck and can't do my job until it decides to let me in. Face recognition is the same way. There's no way I can change my face, or alter my fingerprint to make it work, so I basically am just screwed. If there's any chance of that with this, there's no way I want it.

--
-=JML=-
1. Re:Failure? by Greyfox · 2012-07-27 01:43 · Score: 1
  
  Climbing putty has become popular in my workplace. The other day I noticed that the stuff takes a fingerprint better than anything else I've ever seen. I'm curious whether I could imprint my fingerprint on a piece of putty and if that would fool a fingerprint scanner. The stuff deforms very easily and quickly loses its shape so I don't think there would be security issues with it, but it would be kind of nifty if that were the case.
  
  --
  I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
2. Re:Failure? by Anonymous Coward · 2012-07-27 01:53 · Score: 0
  
  Gummy bears.
  Biometrics has some potential advantages, but also some really surprising weaknesses. Fingerprint scanners can be tricked by proper application of a gummy bear, and aging or (more suddenly) injury can sufficiently deform any detail structure to the point where the old record is worthless.
3. Re:Failure? by azalin · 2012-07-27 02:46 · Score: 1
  
  Gummy bears.
  Biometrics has some potential advantages, but also some really surprising weaknesses. Fingerprint scanners can be tricked by proper application of a gummy bear, and aging or (more suddenly) injury can sufficiently deform any detail structure to the point where the old record is worthless.
  There was an article on slashdot a while back on creating finger dummies from gummy bears. It worked very well it seems.
4. Re:Failure? by Anonymous Coward · 2012-07-27 03:56 · Score: 0
  
  I once had my fingerprints taken for a defense lab security clearance. I had bad psoriasis on my fingertips at the time so my skin was thick and almost totally smooth. I told the woman my prints would be useless but she didn't seem to care. They ended up with a set of blank prints and once my skin healed they would never match.
5. Re:Failure? by deroby · 2012-07-27 04:13 · Score: 1
  
  Actually, you CAN change your face... you just probably don't want too.
  But say that you happen to have an accident and it caused irreversible damage to your face, would that than also mean you no longer can open any locked files on your computer ?
  Sounds like we'll always need a back-door somehow to catch those situations... but OTOH we started using biometrics to close that back-door in the first place ....
  (disclaimer, I did not read the article)
  On a side note, every time I see something about biometrics come by I have to think about GATTACA (great movie btw) and how 'easily' the protagonist circumvented those biometric checks only to have been 'discovered' all along because he peed using the wrong hand.
  
  --
  If there is one thing to be learned on slashdot, it has to be sarcasm.
Useless by Anonymous Coward · 2012-07-27 01:36 · Score: 0

It seems like every week there is another story about bio-metrics being defeated.
And how much time is it really saving anyone? They have to build in so much tolerance for variations in these bio-metrics that I don't think you can ever make it completely fool proof.
Re:First chance at a first post by Anonymous Coward · 2012-07-27 01:36 · Score: 0

How is rain on your wedding day ironic?
biometrics will be broken ... by RichMan · 2012-07-27 01:37 · Score: 3, Insightful

Scan the eyeball it has a deep 3d structure that is unique: opps,
Researchers create synthetic iris that can defeat eye-scanning security systems:
http://www.theverge.com/2012/7/26/3188518/synthetic-iris-scanning-security.
See all the ways to cheat on drug piss tests ....
If it is a system, it can be hacked. No system should ever take validation as 100% proof.
'We think biometrics is something that can be actually used by the people and it becomes their technology that they use to protect themselves.'"
This from the banking system that brought us 4 digit PIN codes that were considered perfect validation. *sigh*
1. Re:biometrics will be broken ... by Anonymous Coward · 2012-07-27 03:54 · Score: 0
  
  Biometrics suffers from this simple fact. It is a password that never changes and which can be copied. It can be tricked by many methods and it is simply wrong to use it for anything. The local grocery store started out some years back with a fingerprint scanner for accessing bank accounts for payment similar to a debit card. The process worked for a while until (you guessed it) somebody copied a finger print....
Back in the olden days by sl4shd0rk · 2012-07-27 01:38 · Score: 1

You just got mugged for your wallet.

--
Join the Slashcott! Feb 10 thru Feb 17!
Change password by Anonymous Coward · 2012-07-27 01:38 · Score: 1

I can get a new password if it is compromised, it's a lot harder to get new Biometrics.
1. Re:Change password by Anonymous Coward · 2012-07-27 01:52 · Score: 1
  
  Simple: You don't use your body to authenticate, but someone else's. If compromised, you just replace that one.
  Finally, a new job for unlearned people: Serve as living password! However, password stealing won't be pretty ...
Re:First chance at a first post by Anonymous Coward · 2012-07-27 01:44 · Score: 0

It's ironic because you begin expelling flatulence out of your very own asshole at an exponential rate!
Biometric System I'd Like to See by Greyfox · 2012-07-27 01:45 · Score: 3, Funny

I'd like to see a biometric system that forces you to perform a little dance in order to authenticate. That would be pretty funny.

--
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
1. Re:Biometric System I'd Like to See by drinkypoo · 2012-07-27 01:57 · Score: 0
  
  I'd like to see a biometric system that forces you to perform a little dance in order to authenticate. That would be pretty funny.
  Let's just hope nobody ever tries to implement a system that requires you to also "make a little love". I'm imagining the implementation winding up something like Boong-Ga Boong-Ga.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
2. Re:Biometric System I'd Like to See by azalin · 2012-07-27 02:48 · Score: 1
  
  I suddenly get the image of teledildonics as an authentication device. *shudder*
Biometrics are not a complete security solution by dkleinsc · 2012-07-27 01:46 · Score: 1

A few ways to crack biometric scanners:
1. Create a physical duplicate of the biometric info good enough to fool the machine, e.g. a rubber thumbprint.
2. Attack not the scanner, but the wire that runs from the scanner to the computer that will analyze the results: Copy the data sent down the wire on a successful scan, and send that data down the same wire to get in.
3. Attack the software that analyses the biometrics to always report "pass".
They're useful, but they aren't unbeatable.

--
I am officially gone from /. Long live http://www.soylentnews.com/
oops, someone wrote a clueless article again by slashmydots · 2012-07-27 01:46 · Score: 5, Insightful

I guess yet another author has fallen victim to not knowing what the hell they're talking about again. Our technology isn't good enough to do true biometrics. Any system like he outlined is a glorified fingerprint scanner. It's not a magical device that "senses" your finger. Any biometric device takes some set of 0's and 1's and compares it to other 0's and 1's and if they match to a certain degree, it's approved. That means any of them can be faked to be close enough or hacked to approve wrong data.

Fingerprints are an image file compared to another image file. Iris scans are an image file taken by a camera and compared to another image file. Face recognition is the same. All three of those are infinitely more fake-able than a password.

To get my money now, you have to get it out of my wallet. Good luck. To fake my face, they need to take a picture of my face. That's a bit easier. To fake my fingerprints, they need to get a hold of my fingerprints and I definitely leave those in more places than my wallet. You may recall that the Mythbusters made a laser printed fingerprint on a $100 laser printer, licked it, and got past a top of the line $1000+ fingerprint reader. To fake my iris, they need a closeup of my face, also not so difficult. There really isn't any biometric data that's good enough right now to be used in financial transactions short of a DNA sequence and I'm not giving them a DNA sample and waiting weeks to buy a bagel.
1. Re:oops, someone wrote a clueless article again by SirGarlon · 2012-07-27 02:20 · Score: 3, Insightful
  
  If you follow the tech industry long enough, all the hype gets recycled and comes back in slightly regurgitated form later. For example, "thin clients" (the Next Big Thing in 1997) and "cloud" (the Next Big Thing in 2007).
  Biometrics were all the rage in the late 1990s, when people were starting to recognize how problematic passwords could be. The enthusiasm died out quickly. Parent has outlined the main reasons why: they're easier to spoof than might first appear, and to use biometrics in authentication requires biometric data to be transmitted and stored (and therefore subject to compromise).
  I think face recognition technology is starting to change the tech industry, but not in a good way. It's not used for authentication. It's used for automated surveillance and tracking. *That* is the future of biometrics.
  
  --
  [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
2. Re:oops, someone wrote a clueless article again by Anonymous Coward · 2012-07-27 02:23 · Score: 0
  
  You may recall that the Mythbusters made a laser printed fingerprint on a $100 laser printer, licked it, and got past a top of the line $1000+ fingerprint reader.
  We did this as an assignment for Computer Security Lab class on the Uni. It's really easy. :)
3. Re:oops, someone wrote a clueless article again by slashmydots · 2012-07-27 03:54 · Score: 1
  
  Well, at least HP could realistically be an option for manufacturing technology like that and then at least if you're black, it won't detect you
4. Re:oops, someone wrote a clueless article again by Anonymous Coward · 2012-07-27 04:50 · Score: 0
  
  The end-game here is the banks, the tax collectors, and the govt want to get rid of cash, while at the same time "monetizing" absolutely everything. Including you. *That's* why this keeps coming up. Plus the guys selling all the gear to banks and retailers will make out like, well, bandits.
  You are property, Eloi slave, drooling over your X-box, twitfacing away. Enjoy your worry-free life. We'll let you know when we "need" you.
  Sincerely,
  The Morlocks
Re:First chance at a first post by Anonymous Coward · 2012-07-27 01:46 · Score: 0

In the same way a pop song can seemingly redefine a word.
Change password? by stanlyb · 2012-07-27 01:47 · Score: 1

I just wonder, how one is supposed to change his password? Or if you become sick, would you be still a valid password? Or if your left leg is cut, are you going to be cut from your banking account too?
".....Sorry sir, your password is invalid, your hash function needs to be certificated again..."
Re:First chance at a first post by Anonymous Coward · 2012-07-27 01:49 · Score: 0

It is implied situational irony; it would be situational irony if the one rainy day in a dry summer was your wedding day, for example. Artistic license might lead one to not fully spell that situation out, instead leaving it to the intelligent reader or listener to imagine the events that might make the situation ironic.
very cost effective by Anonymous Coward · 2012-07-27 01:49 · Score: 0

I'm sure it's very cost effective, too! Why, if your fingerprint gets stolen (ouch) or faked, you just need to pay to get a new one carved onto your hand!
If your eyes are stolen or faked (an article earlier this week!) you can go and buy yourself a new original iris from the same guys!
Does using cards and PINs really cause so many problems that this would successfully resolve? And wouldn't something to scan these sorts of things be much more expensive and error prone that a cheap card scanner?
Re:First chance at a first post by Anonymous Coward · 2012-07-27 01:53 · Score: 0

What if I live in a place without dry summers and thus rain is a relatively normal occurrence. Would said intelligent reader/listener need to research the cultural background of the poster before attempting to infer the meaning? Perhaps cultural background relevant to understanding should be passed as some form of metadata with the joke?
Oh geez. by JustAnotherIdiot · 2012-07-27 01:55 · Score: 1

buttock pressure.
That machine better be self cleaning, and do a fantastic job at such.

--
What do I know, I'm just an idiot, right?
ohh bugger by BlindRobin · 2012-07-27 02:01 · Score: 1

I thought this was about Geordie football...
Hmm by Lord+Lode · 2012-07-27 02:01 · Score: 1

My eye's iris, which is always visible, is easier to copy than a key or card in my pocket.
I think biometrics offer higher convenience, but lower security.
Am I right
1. Re:Hmm by azalin · 2012-07-27 02:59 · Score: 1
  
  My eye's iris, which is always visible, is easier to copy than a key or card in my pocket.
  I think biometrics offer higher convenience, but lower security.
  Am I right
  I'm not even sure about the higher convenience. Biometrics can change or become unreadable enough trigger a false negative. Manual labor, chemicals, minor cuts or activities like rock climbing can easily change your fingerprints enough to become unreadable. What happens next? The can't just hand you a spare hand or reset your password. Iris scanner? No more contact lenses, better not get an eye infection, please place your face exactly at the same places where that guy with the running nose was seconds ago...
2. Re:Hmm by cusco · 2012-07-27 06:46 · Score: 1
  
  Actually iris scanners have gotten a lot better in the last couple of years. The AOptix scanner, a couple of which I've installed, is quite convenient. Stand anywhere in a circle about a meter and a half radius, centered two meters from the scanner, and it will enroll both irises within 1-4 seconds. To request access read your key card and just glance at the scanner. It will match whichever iris it encounters first, generally within one second, and if that iris is correlated with the card you presented you get access (assuming you have access to that door, of course). No more shoving your eyeball into a cold metal ring and waiting 30 seconds.
  
  This is the correct way to use biometrics, as a secondary authentication measure. It's not hard to get a picture of an iris, it's not impossible to steal or forge a key card, but it is more difficult to acquire both items.
  
  --
  "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
Identification != Authentication by Anonymous Coward · 2012-07-27 02:03 · Score: 5, Insightful

Identification is the process by which the identity of a user is established, and authentication is the process by which a service confirms the claim of a user to use a specific identity by the use of credentials (usually a password or a certificate).
All biometric systems only do identification. It's about time everyone gets what biometric really is: A FANCY USERNAME.
1. Re:Identification != Authentication by Anonymous Coward · 2012-07-27 02:54 · Score: 0
  
  An excellent writeup at Microsoft:
  http://technet.microsoft.com/en-us/library/cc512578.aspx
2. Re:Identification != Authentication by Anonymous Coward · 2012-07-27 03:59 · Score: 0
  
  Actually, Identification is a one to many open search (are you in my DB!? - HIT or NoHIT) and Authentication is a validation (are you "Barnabe J."!? - YES or NO). Biometric can be used for both, and both are hackable and have ways around in iris, fingerprint, etc.
3. Re:Identification != Authentication by rastoboy29 · 2012-07-27 07:05 · Score: 1
  
  Nice.
  
  --
  expandfairuse.org
EPIC FAIL! How is this secred or changeable?? by Anonymous Coward · 2012-07-27 02:09 · Score: 0

The whole point of a password, is that only you know it!
But with biometrics, everyone can find them out, if he wants.
And every time some retard presents such a device, somebody makes a laughing stock out of him, by making a copy of his biometrics, and doing funny stuff with it.
Then, the inventor can't even change his "password" and the news quickly die off.
Until the next retard comes along.
1. Re:EPIC FAIL! How is this secred or changeable?? by Anonymous Coward · 2012-07-27 03:45 · Score: 0
  
  The whole point of a password, is that only you know it!
  And most are easy to bypass, thanks to many businesses using easy to discover "secret questions" as a recovery method.
  Biometrics are another instance of the same thing, the result of greedy companies being too lazy to actually put forth any effort to secure things.
Required reading by pesc · 2012-07-27 02:12 · Score: 2

If you think biometrics is useful for unsupervised authentication, please read this:
http://www.schneier.com/crypto-gram-9808.html#biometrics
http://www.theregister.co.uk/2002/05/16/gummi_bears_defeat_fingerprint_sensors/
Your fingerprints are not secrets.

--

)9TSS
This Summary Reads Like A Press Release! by TheSpoom · 2012-07-27 02:16 · Score: 3, Insightful

You know, I'm OK with the occasional bad link or poorly researched story, but could we avoid regurgitating obvious press releases from private companies? Look, editors, I really, really rarely complain about you guys, but we do expect at least a little bit of work in filtering and, you know, editing stories.

--
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
1. Re:This Summary Reads Like A Press Release! by TheSpoom · 2012-07-27 02:18 · Score: 1
  
  I hate to say it but it totally doesn't surprise me, now that I look, that the editor in question is timothy. *sigh*
  
  --
  It's better to vote for what you want and not get it than to vote for what you don't want and get it.
  - E. Debs
2. Re:This Summary Reads Like A Press Release! by Anonymous Coward · 2012-07-27 05:07 · Score: 0
  
  Not sure if they are doing themselves a favor in this case because of the negative comments will show up on google.
Dilbert was here! by Anonymous Coward · 2012-07-27 02:18 · Score: 0

Dilbert comic strip for 07/01/2012 from the official Dilbert comic strips archive.
Greenlight that baby! by paiute · 2012-07-27 02:23 · Score: 1

The whole body is now the password? I think this will kick that Weekend at Bernie's 3 development into high gear.

--
If Slashdot were chemistry it would look like this:Cadaverine
No Biometrics please ! by Pieroxy · 2012-07-27 02:25 · Score: 1

Biometrics is the most stupid way of authenticating anyone. As soon as someone is able to fake your credentials (and so far it's always been simple - fingerprints, face recognition, etc) you're 0wned. Because you cannot change your credentials. Because your credentials are you.
So biometrics for authentication is a no-no. Only clueless executives can realistically push this forward.

--
Write boring code, not shiny code!
Bank of America already has an answer for that by Anonymous Coward · 2012-07-27 02:31 · Score: 1

Not totally. If the biometric fingerprint is verified under controlled conditions (i.e. a competent person supervising it).
What about people who don't have fingerprints?
According to Bank of America, the correct procedure is to refuse to cash a check from an armless man because he doesn't have any fingerprints. http://consumerist.com/2009/09/bank-of-america-asks-armless-man-for-thumbprint.html
how to keep germs from spreading by Anonymous Coward · 2012-07-27 02:51 · Score: 0

When I get sick, my body reacts and starts to fight the infection. If the front door of the building won't let me in because it doesn't recognize me (temperature, etc), wouldn't that make this advance the first thing that should be installed everwhere.
Oh wow by Charliemopps · 2012-07-27 02:51 · Score: 1

I guess hackers are ruined... no ones ever been able to software replicate a security dongle. If they had, there'd be copies of professional audio/video/photo editing software all over the pirate bay! Oh wait...
accessibility by Anonymous Coward · 2012-07-27 02:53 · Score: 0

so what happens to people with no fingers, or merely the "correct" one missing? I mean, these people exist, why do all biometric systems seem to rely on everybody having certain attributes, which not all humans have?
Can't wait for a biometric security device needing a penis to log on
Apocalypse by Anonymous Coward · 2012-07-27 02:54 · Score: 0

Mark of the beast?
not easy to fake by Anonymous Coward · 2012-07-27 03:19 · Score: 0

it will not be easy to fake by this way i think..
fiyat
Comment removed by account_deleted · 2012-07-27 03:19 · Score: 1

Comment removed based on user account deletion
Re:First chance at a first post by Anonymous Coward · 2012-07-27 03:45 · Score: 0

The same as a free ride when you've already paid.
Unscannable! by Anonymous Coward · 2012-07-27 03:46 · Score: 0

Why come you don't have a tattoo?
Eyeball, fingertip for sale, 1 owner, gd cd. by Anonymous Coward · 2012-07-27 04:08 · Score: 0

not to mention easily enough forged, absent patent, copyright claims.
Can't realize legality anymore than you can legislate reality. Both are why the money is worthless anyway.
1. Re:Eyeball, fingertip for sale, 1 owner, gd cd. by Anonymous Coward · 2012-07-27 05:18 · Score: 0
  
  Correction. You can realize legality, with force or the threat of force. Basically, you just need men with guns. Which has consequences, typically unwanted ones, particularly when the citizenry is also armed and can resist. Which is why they keep bringing this up trying to sell it to us with breathless appeals to saviour tech, every time the find a new clueless journalist and think they've dumbed down and distracted the populace sufficiently.
  BTW, Anybody else notice how "stuttering Aaron" just happened to walk in shotgun blazing right when the Gangster Squad trailer came on? Masterful timing, or just unbelievable coincidence? MK-Ultra, or Satanic magick? Have to ask maninblack. Harris and Kliebold dead, not talking.
  Nah, the UN treaty isn't about disarming the populace. Go back to sleep, folks.
  rgb
Why banking is not moving in Biometric by Anonymous Coward · 2012-07-27 04:21 · Score: 0

The industry goal, and mainly in banking and money transaction, is to make YOU responsible 100% of what happen with your money THEY supposedly keep safe... The more complex the authentication process (2 level id, long password, now biometric), the more complex it is for YOU to prove you got stolen and so they don't pay you back in case of fraud. With fingerprint for example, yes, somebody can hack the USB bus or make a gummy print of your finger, which in the second case will require your collaboration anyway (unless you're at GuatMo)... But it will get harder for you to prove you didn't provide the bio-information.
For now, insurance in banking industry still cheaper than developing complex security with biometric because they charge you cents for it anyway :) instead of dollars for a fingerprint reader @home, so we are at peace. Some ATM are working as beta with Iris in Emirates for some years, and never got wild because it's still quite lame in mass authentication (to many issue in the reading)... Which is another big issue with biometric Vs pin-code: when you reject 0,0001% of transactions because of failed authentication (didn't recognize you), that make millions of unhappy costumer worldwide and millions of dollars of missed transaction charges etc.!
Re:First chance at a first post by Eponymous+Hero · 2012-07-27 04:33 · Score: 1

or maybe alanis morrisette just sucks. that's always a possibility.

--
insensitive clod overlords obligatory xkcd car analogy russian reversals whoosh pedant fanbois ftfy in 3...2...1..PROFIT
Fail by Anonymous Coward · 2012-07-27 07:10 · Score: 0

The Human Barcode - worst Batman villain EVER!!!
Current biometrics are crap by Anonymous Coward · 2012-07-27 13:26 · Score: 0

With the current level of technology, biometrics are crap. Fingerprint scanners can be foiled by jello [[http://www.schneier.com/crypto-gram-0205.html#5]] (this article is a bit dated, but I can't find a similar article on Slashdot that I recall reading within the last couple of years), or by the previous users left over print [[http://www.stdot.com/pub/ffs/hack1.html]], or stollen by illicit long range scanning [[http://it.slashdot.org/story/12/06/21/1653202/have-your-fingerprints-read-from-6-meters-away]].
Current iris scanning technology is also crap [[http://science.slashdot.org/story/12/07/25/1827210/reverse-engineered-irises-fool-eye-scanners]] or [[http://tech.slashdot.org/story/12/05/26/0452215/a-wrinkle-for-biometric-systems-irises-change-over-time]].
Face recognition tech isn't much better [[http://it.slashdot.org/story/09/02/17/216216/researchers-hack-biometric-faces]].
I don't know about the scheme that uses infrared images of blood vessels under the skin, but I think that could get disrupted by physical injuries. Get mugged and get a black eye and your door will no longer open.
I'm sure that there is some technology that works, but it is not going to be cheap enough for everyday use for quite a few years yet. I don't think the government is going to allow banks access to IAFIS technology [[http://www.fbi.gov/about-us/cjis/fingerprints_biometrics/iafis/iafis]].