Face To Face With the 'Human Barcode'

silentbrad writes with this excerpt from the Financial Post: "Fast-evolving biometric technologies are promising to deliver the most convenient, secure connection possible between you and your bank account — using your body itself in place of all of those wallets and purses stuffed with cash, change and plastic cards. Biometrics is the science of humans' physiological or behaviourial characteristics and it's being used to develop technology that recognizes and matches unique patterns in human fingerprints, faces and eyes and even sweat glands and buttock pressure. Its applications in the financial realm are a potentially huge time and effort saver, but that's just a beginning for the technology's usefulness. ... [BIOPTid Inc.]'s One Touch cube, set to be on the market within a year, is an external device that users can hook up to their computers and mobile electronics to replace passwords for Internet logins and banking. The cube reads a personal sweat gland barcode to verify identity from the moisture on a user's fingertip. ... 'Biometrics is something that's used by governments, it's used by "Big Brother" to keep an eye on us and we want to change that,' says [BIOPTid chief Scott McNulty] 'We think biometrics is something that can be actually used by the people and it becomes their technology that they use to protect themselves.'"

but you can change a password

Once a biometric has been compromised (e.g., someone obtains a copy of your fingerprints), you're stuffed.

"Protect themselves?"

[hotdiggity]

“Biometrics is something that’s used by governments, it’s used by ‘Big Brother’ to keep an eye on us and we want to change that,” says Mr. McNulty. “We think biometrics is something that can be actually used by the people and it becomes their technology that they use to protect themselves.”

...

The best way for me to protect myself with biometrics...is to keep the details of my biometrics out of any government or private company's database, thank you very much.

oops, someone wrote a clueless article again

[slashmydots]

I guess yet another author has fallen victim to not knowing what the hell they're talking about again. Our technology isn't good enough to do true biometrics. Any system like he outlined is a glorified fingerprint scanner. It's not a magical device that "senses" your finger. Any biometric device takes some set of 0's and 1's and compares it to other 0's and 1's and if they match to a certain degree, it's approved. That means any of them can be faked to be close enough or hacked to approve wrong data.

Fingerprints are an image file compared to another image file. Iris scans are an image file taken by a camera and compared to another image file. Face recognition is the same. All three of those are infinitely more fake-able than a password.

To get my money now, you have to get it out of my wallet. Good luck. To fake my face, they need to take a picture of my face. That's a bit easier. To fake my fingerprints, they need to get a hold of my fingerprints and I definitely leave those in more places than my wallet. You may recall that the Mythbusters made a laser printed fingerprint on a $100 laser printer, licked it, and got past a top of the line $1000+ fingerprint reader. To fake my iris, they need a closeup of my face, also not so difficult. There really isn't any biometric data that's good enough right now to be used in financial transactions short of a DNA sequence and I'm not giving them a DNA sample and waiting weeks to buy a bagel.

Identification != Authentication

Identification is the process by which the identity of a user is established, and authentication is the process by which a service confirms the claim of a user to use a specific identity by the use of credentials (usually a password or a certificate).

All biometric systems only do identification. It's about time everyone gets what biometric really is: A FANCY USERNAME.