Swipe or Type?
You've heard the term Biometrics regarding the new iPhone releases recently. You know, you swipe your fingerprint to log in instead of typing a user name and password.
Your fingerprint is no secret. You leave it all over the place unless you routinely wear gloves. Using the finger print scan for logging in is seductive, quick and easy. But one worries about a long history of vulnerabilities.
Fingerprint readers are not all the same. Some are better than
others. Some merely check the ridges of your finger and can be fooled with a good photocopy. Other readers check pores, for a pulse and even body temperature. One claim is that somebody made a fake finger using the materials in Gummi Bears. Tasty.
I have a fingerprint reading system on my "old" Windows 7 laptop (you know,
the last regular old operating system that Microsoft produced before its current touch-screen-capable system that has caused a lot of, uhm, angst?). I've never used the finger print scanner. My Windows 7/HP laptop quit asking me if I wanted to use that in lieu of my user-name password a long time ago. True, I'm old fashioned, but I don’t need an armed guard standing by my laptop when I log in to ensure that nobody tries to fake entry with a Gummi Bear.
Do you know that I could use a photo image of your fingerprint to raise that pattern into a 3D object? That's what I do for a living—I create 3D objects—and I could use that 3D object to create a model in plastic materials using a now-common 3D printer that is not terribly expensive. Would I have access to your stuff via a finger print scanner? Possibly. It sounds crazy, but ingenuity is rampant in this country.
Then there's the possibility that the finger print scanner can be quirky and, while not allowing unauthorized persons access to your computing device it may not allow you, the owner, access either if it's not feeling well one day. That's bad if you use the device for important work and don't have time to fool around. I, for one, have not had trouble logging in the old fashioned way if I with the correct user name and password and I do log out of my equipment all the time.
I hear that there's a chance your print reader can fail to read your print in really cold weather or maybe when you have fish skin after a long bath or shower. What if you slice that finger long-ways and it takes time to heal? And does it get cold in Methow winters?
Can biometric authentication be hacked?
The real problem with this type of authentication may be what’s being unlocked by being able to log in. If someone hacks in, it may not be that big a deal other than
being able to make phone calls. But what if it gives access to much bigger data, access to a bigger building security leak—giving access to the keys of the
kingdom and your very worth? That’s something to think about in using the print readers vs. just plain old-fashioned user-name-and-password, good, solid, hard-to-hack, tough passwords.
The new iPhone releases may unlock the future use of fingerprint scanners/readers. They may become rock-solid security safe but for the moment there are questions about their use and hack-ability that should pique your interest.
Swipe or type—that's the question.
9/13/2013
|
