I love how in this day and age we feel that throwing technology at a
problem will solve our problems. The new trend seems to be biometric
authentication. Seems like a good idea to identify someone by some sort
of biosignature (usually a fingerpring) but from what I have seen and
heard quite easy to get around (just watch this
mythbusters vid).
Really if someone wants something bad enough they will get it. It is
easy to lift a fingerprint of off something you have touched. Would you
leave sticky notes with your password on it everywhere you go? did not
think so. Also if you really want to get into something you can always
cut of a persons finger (gruesome but it works... not that I know....
ummm... ya). Do some searches and you will find all sorts of
interesting fingerprint bypasses using things like photocopies of
fingers, playdough, laytex imprints, even shining a flashlight onto the
sensor has fooled readers into using the last imprint (because the oil
finger imprint is left on the glass)
Facial recognition has been quite the rage too. But it is a computer.
two similar looking people have been known to trick these systems as
well there are issues with people that have been in accidents not being
recognized (even a broken nose I have heard but can not seem to find
anything on). I also read that placing an image of a person you are
trying to impersonate can fool some readers.
Voice recognition.... well all I have to say about that is that I can buy a tape recorder. They also do not work in lw
Retinal and Iris scanning is expensive but in my mind one of the best.
Iris scanning works by taking an image of the iris (the colored part of
the eye) where retinal scanning works by reading the patterns of blood
vessels in the retina (the back of the eye) with a low intensity light
and comparing that to its database. It is hard to get an image of
someones eyes without them knowing. As well by removing the eye the
blood vessels apparently decay quite rapidly. Although fairly secure I
assume you could make a contact lense to fool iris scanners. I did not
find much about retinal scanners though but I wondered about building a
fake eye that would be basically a ball with a printout of the targets
retina glued to the back of it. Anyone want to send me a picture of
their retina?
Expiration is another technological issue. The biometric data is stored
in a database and hopefully encrypted. Now decryption takes a long time
but thats not a problem as your biometric data never expires. Your
fingerprint, retina, facial structure never change over the course of
your life so if your info got stollen 20 years ago and gets cracked
today you are still vulnerable. Interestingly enough your retinal blood
pattern does change as you get older (I am not sure as to what rate or
degree) so this might be another plus for retinal scanning
An interesting story I read a while back was about the implementation
of fingerprint reader lockers at the statue of liberty. So you put your
money in, run your finger over the sensor, and then it locks. This is
great as only the person that put the item into the locker can get it
out which is meant to cut down on trading items like drugs, cash,
weapons, etc. by giving someone the key to a locker. Great idea but the
problem was that now that you do not have a key with a little number on
it in your possession you forget which locker is yours leading people
to run around trying every locker. I don't know if they still have
these but it was turning into a logistical nightmare I know.
So thats my info about biometrics so far. From what I have read most
seem to be quite fallible (and if they are not yet they will be). I
think they are a great way to add security. By combining a biometric
system and a password works great. It is really hard to steal a
password from someones head which is why I think passwords are going to
be a factor in authenciation for a long time.
On a side note I have been hearing a lot about these "smart" passports
that have a chip in them. The chip contains biometric data about you
that customs/law enforcement/whover can use to verify that it is you.
Now I am no genius but how hard would it be to change the friggin
chip?!? If I was a criminal then I would be reprogramming that chip to
make me whoever. Also why not put a chip in but damage it so when you
go through customs they can not get a read off the fake chip and just
look at the information on the passport and wave you through.
Technology is always breaking down... why should your passport be any
different?