More multi-factor authentication

Still on the theme of biometrics, is today reporting that Aussies favour fingerprinting to prove ID online. The 'proof' comes from a Unisys Security survey of 1200 Australians. Now I haven't read the survey, but the news item also states: "Unisys...which provides organisations, including the immigration department, with biometric tests..."

Fingerprinting has many problems, some of which I mentioned in yesterday's post. Others include whether fingerprints are sufficiently unique to be used for authentication, how (and if) users will protect their fingerprints any better than they do their passwords, and what happens if your fingerprints are compromised.

Fingerprints aren't hard to get, especially if you have physical access to the victim and their environment. For remote capturing, well, all those fingerprints will have to be transmitted and stored somewhere, where they can be captured en masse, or they're just as vulnerable to phishing and man-in-the-middle attacks as passwords. Had all 10 fingerprints captured by the bad guys? Uh-oh! Even worse if they're used by law enforcement and immigration as unique identifiers!

There are also great variances in the accuracy and the methods used for verification in different fingerprint readers. Having banks (or whomever) send out readers to all their customers goes back to the convenience factor I mentioned yesterday.

I think it will be a long time before we see fingerprinting as a common method of web authentication...
