Robert Hensing (MS Security Response) has an interesting article on this in his newly created blog. His basic assertion is that we should all forget password complexity and just go for something long but simple to type. The spacebar opens a whole new dimension in uncrackable passwords, apparently.
Robert's blog is at http://blogs.msdn.com/robert_hensing/
I'm sure that's an oversimplified view. Most biometric devices make it impossible to reconstruct the original biometric scan from the 'hash'. Further, one would hope that things are arranged more like a public/private key pair, where your biometric is the public key. Capturing the public key still doesn't help you crack anything. Finally, the biometric signature can be used as a signing key to simply sign or augment another security token, such as a PIN or passphrase, which can be changed at will.