LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Biometrics for identification

Biometrics for identification

Posted Apr 3, 2008 3:10 UTC (Thu) by mgh (guest, #5696)
Parent article: Biometrics for identification 

With the theft of fingerprints from a database the way is open for a criminal to leave someone
elses finger prints at a crime scene.  Interesting.

The trouble with biometric passwords (eg. on laptops) is changing your password is challenging
(generally people have 10 "passwords") and stealing/forging your password (biometric info) is
trivial.

How people can think that a method used for identifying people who inadvertantly leave their
prints at a crime scene (ie. they didn't mean to) should become am alternative for a PASSWORD
is beyond me.

Maybe a scan and THEN a password would make slightly more sense?

(Log in to post comments)

Biometrics for identification

Posted Apr 3, 2008 10:08 UTC (Thu) by ayeomans (subscriber, #1848) [Link] 

> With the theft of fingerprints from a database the way is open for a criminal to leave
someone elses finger prints at a crime scene. 

Alternatively your lawyer could claim that one of a number of government agencies did it. And
they may not need to "steal" the data either.

Biometrics for identification

Posted Apr 4, 2008 17:13 UTC (Fri) by giraffedata (subscriber, #1954) [Link]

The article implies that some people think a fingerprint is a password, but doesn't give any evidence of it. The idea never occurred to me. Are there security schemes or proposals that assume other people don't know my fingerprints?

I know there are schemes where I'm supposed to put my finger in a scanner and someone could circumvent it just by bypassing the scanner and supplying my fingerprint description. But that's not the same thing. The assumption there is that the data collection is trustworthy, not that nobody but me could know my fingerprint.

Biometrics for identification

Posted Apr 11, 2008 15:16 UTC (Fri) by robbe (guest, #16131) [Link] 

> Are there security schemes or proposals that assume other people don't 
know my fingerprints?

Have you never seen someone who unlocks his or her laptop with a 
fingerprint reader (and no password, i.e. one-factor authentication)? I 
bet that they think this is secure because their fingerprint is just like 
a password. Otherwise it is pretty worthless against semi-interested 
attackers.

I am starting to wonder how many laptops don't have the owner's 
fingerprints right there, on their surface...

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds