Slashdot Mirror
Swallowing Your Password
HughPickens.com writes: Amir Mizroch reports at the WSJ that a PayPal executive who works with engineers and developers to find and test new technologies, says that embeddable, injectable, and ingestible devices are the next wave in identification for mobile payments and other sensitive online interactions. Jonathon Leblanc says that identification of people will shift from "antiquated" external body methods like fingerprints, toward internal body functions like heartbeat and vein recognition, where embedded and ingestible devices will allow "natural body identification." Ingestible devices could be powered by stomach acid, which will run their batteries and could detect glucose levels and other unique internal features can use a person's body as a way to identify them and beam that data out. Leblanc made his remarks during a presentation called Kill all Passwords that he's recently started giving at various tech conferences in the U.S. and Europe, arguing that technology has taken a huge leap forward to "true integration with the human body." But the idea has its skeptics. What could possibly go wrong with a little implanted device that reads your vein patterns or your heart's unique activity or blood glucose levels writes AJ Vicens? "Wouldn't an insurance company love to use that information to decide that you had one too many donuts—so it won't be covering that bypass surgery after all?"
But I do agree that passwords as a general thing are obsolete and dangerous.
The problem with this, and biometrics in general, is that there is only one you.
You can't revoke your "vein pattern" any more than you can revoke your fingerprint. Using your same biometric information for everything has the same pitfalls as using the same password for everything, and you are just one sketchy gas station away from someone getting a copy.
If you are going to implant something, why not implant a challenge/response system with a public/private key and strong cryptography, like you know, we've been doing on the internet with a good amount of success. A random very large number is just as good as any biometric information, and at least you can change it.
How are glucose levels unique? They fluctuate in relation to meals and time of the day? And as for heartbeat, there are many factors that alter the rate and rhythm, how would you use it as an encryption key/password if it is continuously changing. And you're up shit creek if you develop an arrhythmia and require insertion of a pacemaker.
Gives new meaning to "I can't find my password in all this shit"
by just swallowing this free, little pill.
Retards dream retarded dreams.
I have to engage luddite mode on this one. I use cash as much as possible, and don't feel I need to be tracked by everyone ever.
I know it's this paypal guy's wet dream, but it won't happen any time soon.
This has the same problem as any exclusively biometric technique -- the user can be compelled to give up their "password" merely by being physically present. "Something you have" can be taken, even if it's your still-living (for now) carcass. "Something you have" should always be supplemented with "something you know".
The summary rightly brings up privacy concerns but I'd also be concerned about the security of the transmitted data. Like RFID, the information can easily be snooped, and would have to be appropriately encrypted to be useful as credentials.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
or at least considering ID more like dogs. Really. I can just hear the 'mark of the beast' stuff out of the religious right heading this way. Biometrics have limits just like any other technology. I agree with what has been said in prior debates about this stuff. Perhaps the biometric data can be used as a public/private key system, with safeguards built into it, but changeable as needed to address advancements in hacking by individuals driven by greed, etc. This is the only deterrence we have left when it's all broken down into ones and zeros.
Badguy 1: "We need his fingerprint to break in"
Badguy 2: "Cut off his finger then!"
Badguy 1: "We need his heartbeat to break in"
Badguy 2: "Cut out his heart then! We've got a machine to keep it beating after removal."
Biometrics are only good so long as the device that reads your pattern is "honest." If you have to inject a device to read your biometric patterns, you could just as easily inject a device that pretends to read your biometrics, but actually copies someone else's.
from demolition man???
https://youtu.be/CbM--4-z0cs?t...
As a potential lottery winner, I totally support tax cuts for the wealthy
At best stomach acid is the electrolyte.
grumble grumble.
"Wouldn't an insurance company love to use that information to decide that you had one too many donuts—so it won't be covering that bypass surgery after all?"
Wouldn't that have to be spelled out in the policy wordings when the policy is taken out or renewed?
The heart bypass operation must be covered under the ACA (aka Obamacare). Insurance companies can no longer discriminate based on pre-existing conditions and can no longer impose a lifetime coverage cap.
That is not to say that the implant idea is a good one for a number of other reasons.
Like a good neighbor, fsck is there
And put it into a pipe. Unless it's really big and nasty, then the garbage collector has to dispose of it.
I know you young kids don't read the bible anymore, so let me quote something from Revelation for you.
"Also it causes all, both small and great, both rich and poor, both free and slave, to be marked on the right hand or the forehead, so that no one can buy or sell unless he has the mark, that is, the name of the beast or the number of its name. This calls for wisdom: let the one who has understanding calculate the number of the beast, for it is the number of a man, and his number is 666."
46137
How do you plan to make it secure? What would stop anyone from just reading the information off it? Can you even CHANGE the information on it? If yes, how do you prevent people from hacking it? How do you ensure it's not going to get lodged somewhere and become impossible to remove? Who will get to dictate the standards for how these things communicate? How do you revoke these things - that is, what happens if your internal information becomes public? Why are you measuring things that change with exercise or what food you eat, and are therefore never predictable? How do make sure that two people don't share the same sugar levels? How could you possibly imply that fingerprinting is "antique"? Fingerprints haven't changed at all in our human history. He's implying it's a product that is replaced every year.
The only thing that is "antiquated" here is this executive's buzzwords, which they clearly haven't put very much thought into.
"Set a man a fire, he'll be warm for the rest of the night. Set a man afire, he'll be warm for the rest of his life."
Many people don't have access to medical care now. What insurance company would pay for this? Their business model is to make money, not to care for patients.
So, how exactly do they propose to recover from a compromise of these kinds of systems where it's impossible to change the authentication data? And these systems will be compromised, history has taught us that. At least with a password or a certificate carried in a two-factor dongle I can change/reissue it and what the crooks have is no longer valid. I don't like systems whose failure mode in the event of a compromise is catastrophic.
Is the NHS. Universal heathcare is far from perfect, but it's also just the right thing to have in a first-world economy. Then you stay healthy for the right reasons, not because your insurer will abuse information about you.
She just grabs it from the table and slowly creeps up behind me and pushes it gently onto my thumb, and then runs away with an unlocked phone when i notice it...
The value of a password is that it is locked away in MY BRAIN until I choose to use it. These are not passwords, and neither is the button on an iPhone.
Good thing for the ACA that bands insurance company from doing stuff like. But guess what GOP letting the ER or even the jail / prison take up the slack when you get rid of the ACA will cost more then medicare / medicaid for all.
Not allowed under the ACA smokeing is the only thing they can bill you more for.
* If there is some allergic reactions workers comp may have to fit the bill to deal with it. Also the injury lawyers may also sue on half of the victim as well.
* religious rights lawsuits over this Mark of the beast / Shabbat? / others
* ownership issues?
* Who pays the costs
I'm all for interesting implants, but how much could we trust them?
"Laputan machine", anybody?
What if I left my body at home?
"I'm sorry, ossifer. But my car's transponder is powered by ethanol."
Have gnu, will travel.
This will result in unique identification of people. It is not for passwords, it is for identifying.
For authentication, you need a password or passphrase. Something that can be independently chosen, changed, and rotated.
Almost everyone in Europe already caries a secure cryptosystem in the Chip&Pin credit card. They're rolling out in the US. There's no reason that they can't be used to also hold a secure ID token. It's got all of the positive side effects of PKI, with multiple providers (banks and credit unions), allows you to have multiple identies (multiple cards), the possibility of trusted public key stores (banks sign and distribute public keys) and it doesn't have a single governmental agency distributing it.
with the mark of the Antichrist needed to buy or sell.
Now I ask you, in this day of surveillance, digital money and computerized oppression does that really seem all that far fetched?
"If any question why we died, Tell them because our fathers lied."
Now determined hackers will literally spill your guts to get what they want.
So let's everyone swallow a chip that constantly identifies them! That's how we can get those dirty stealing bastards!
When the copyright term is "forever minus a day", live every day like it's the last.
The biggest issue is that people taut these implanted devices as "safer" than any other alternative. Most of us here can see through the gag, but when they market to the masses will your great aunt have the same ability to know? Perhaps not.
Most here know that "Strong" authentication requires at least 2 of 3 (something you know, something you are, something you have) and not just one of them. Security experts prefer the something you have over something you are, because we can control and monitor that thing. Something you are can usually be forged easier than a Yubi/RSA key, because high grade biometric scanners are extremely expensive.
IMHO this is just the latest crazy attempt to get people implanted. Let's not kid each other, that is the goal.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
Look at those marketdroids trying desperately to force-sell us their worthless gadgets.
You don't wanna buy it? Surely your insurance company has a word or to woth you!
This is possibly the most depressing pattern spreading around: the ones making the buy decisions are'nt those who will have to use the damned "product" -- be it office365, stupid ad-laden and malicious-code ridden web "pages", payment methods, and now in-body RFID crap.
Note: memorizing a hard password for me has a value beyond the eminently practical. It gives me the feeling to be in control and elevates me beyond the level of a heap of dumb cell ectoplasm.
(And no, the irony of the above paragraph doesn't escape me, that's why I've written it so pointedly. I am aware of the weaknesses of my security mechanisms, then there's rubber-hose cryptanalysis, yadda yadda. But there's some deep truth in there).
E, you're embeddable
I, you're injectable
M, you're a meatbag full of tech
systemd is Roko's Basilisk.
Biometrics have a number of easily enumerated drawbacks, like they're always there, irreplacable, and you have a limited set of them, all relatively easily faked., but it all boils down to you no longer having full control over your access tokens.
Yet people, companies, governments keep on pushing for them. Meaning, they're purposefully looking to swindle your control away from you.
.. people will shift from "antiquated" ..
Ah, "shift" - that wasn't what I thought I read the FIRST time..
Here in Finland we have the "social security number" as the "something you know" method. There are many places/services allowing you to do almost anything with the social security number plus some personal information (name, address etc.). "Something you know" is something you have, in reality. I see no big difference compared to biometric data. Other than biometric data can't be changed. And you don't need to remember you biometric data. Win-win situation?
Better to live in a country, where you don't need health insurance to get treated.
the automotive related intertubes discuss a new method of auto thefts which hypothetically involves using some sort of RF amp or repeater or such to amplify the signal from your key fob in your house to make your car think you're standing waiting to get in, for those cars which are nice enough to automatically unlock when you approach without buttons to push.
Star Trek transporters are just 3d printers.