Critical Security aspect??

[Rizmi]

This is really about the Fingerprint scanners and their usefulness...

Its pretty awsome, BUT how far are they secure? The softwares comes with them offer to avoid the difficulty (???) to enter usernames and passwords for web log-ons (email accounts, online banking) and windows system log-ons by just swiping finger....
They store the details as a password databank (or..??) in the PC. Are they secure enough in our PC or any chances of being hacked and end up with nothing?

Any ideas?

Thanx.

[Cellus]

Biometrics, specifically those of the fingerprint variety, can be fairly easily fooled and should not be depended on by itself. Infact almost all kinds of biometrics, with perhaps the exception of Iris biometrics, are fairly weak.

Biometrics is best used in conjunction with other authentication methods (multi-factor authentication) such as passwords. There are three kinds of authentication, and all of them can be combined one way or another to enhance security:

* Something you know (eg: passwords).
* Something you have (eg: keycards).
* Something you are (eg: fingerprints).

[la1]

I have seen notebooks with the finger scanner built in. I was wondering for the iris scan if the eye has to "alive" . The first I heard of this type of scan I wondered how long it will be till someone cuts off someones head or plucks an eye to get into a secure area The finger one ,,, a finger...

I think probably id cards are the best, what do you think Cellus ?

[Cellus]

No one kind of authentication method is "best" unfortunately, which is why multi-factor authentication - combining two or more different methods of authentication - is considered "best".

In the area of keycards, they are questionable for their own reasons:

* They can be stolen ("five-finger discount").
* They can be copied ("drive-by scanned").

[Kalim]

We've been using them for a long while, but with any man-made device there will be flaws:

Take one method of the scanners, the optical scanners. They use CCDs, and those have built in LEDs to illuminate the ridges and valleys (fingerprints). If either one of the LEDs dims out or the optical scanner end print is not as clear and pixelated as the original saved data print, you will be denied access and conversely, allowed access while you shouldn't have if the opposite was to occur. If the processor errors in comparison analysis, anything can result (see how many page and fetch faults a typical microprocessor encounters per second). Their point is not the analysis of all the acquired scanned image, but take on minutiae or bifurcations AKA typica (distinct end line features); which with voice/iris/fingerprint are much more time-consuming and complex to reciprocate and guess than a password or access-card but by "stealing" (hacking-brute force) methods of data acquiring from a system, you can gain access to all the stored print data, and thus acquire unlimited access. You can then further even mold gelatin print mold over a real finger and while seem to not have access (play it dumb), you will have access to all of them willy nilly. Further methods to break this chain of protection is simple finger molding, enforcing the individual with damage or actually just acquiring his/her finger, which would be more punitive than any security protection method loss practiced before it.

As Cellus rightly states, the combination method is the best source of access protection all round, to facilitate in tighter and more reliable controls - the multi-layered approach.