"Revocation of a biometric identifier is difficult or impossible, if it is even known to be
compromised."
You're forgetting Schneier's mantra. Biometric identifiers are always known to be as
compromised as they can be. As soon as, or before, you use one for identification, it is
compromised. Once anyone anywhere takes your fingerprints, or you touch some surface without
wiping it off afterwards, somebody can get your fingerprints. It's meaningless to revoke a
biometric identifier, because all of the possible replacements are also presumably known to
potential attackers. The only security that comes from biometrics is the difficulty of making
a convincing claim to really have the biometric (which ranges from very little for practically
any automated device to quite high for a human).
Posted Apr 4, 2008 17:46 UTC (Fri) by giraffedata (subscriber, #1954)
Both you and the article are starting from the assumption that a biometric identifier is a password, because that is the only way in which "compromised" means "known." Publishing a voiceprint does not compromise it as an identifier. Compromising it would mean someone somehow gets the ability to speak in that voice. (Maybe more believable would be that a bad guy finds a suitable voice double for a person of interest). Then you'd have to revoke it as an identifier, and yes, that would be a lot harder than revoking a compromised password.