Biometrics & Conundrum
Hitoshi Kokumai
Advocate of Identity Assurance by Citizens' Volition and Memory. Founder and Chief Architect at Mnemonic Identity Solutions Limited
Why on earth do they endeavour to bring down security by putting biometric sensors on the phones and tablets which have been somehow protected by passwords?
Whether static, behavioural or electromagnetic, biometric products are generally operated together with a password by OR/disjunction (as against the AND/conjunction that is common for 2-factor authentication), so that users can unlock the device with the password when falsely rejected by the biometric sensor. This means that the overall vulnerability of the product is the sum of the vulnerability of the biometrics (x) and that of the password (y). The sum (x + y - xy) is necessarily larger than the vulnerability of the password (y); that is, devices with Touch ID and other biometric sensors are even less secure than devices protected only by a weak password.
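The comparison above can be checked numerically. The following is an added example, not part of the original article: it generalizes the two-factor case to any number of factors, assumes the factors are defeated independently (which the x + y - xy form implies), and uses constructed sample values for x and y rather than measured rates.

```python
import random
from math import prod

def or_vulnerability(probs):
    """Chance that at least one factor is defeated (any one unlocks the device)."""
    return 1 - prod(1 - p for p in probs)

def and_vulnerability(probs):
    """Chance that every factor is defeated (all are required to unlock)."""
    return prod(probs)

def simulate(probs, mode, trials=200_000, seed=1):
    """Estimate the same quantity by sampling independent attack attempts."""
    rng = random.Random(seed)
    combine = any if mode == "or" else all
    hits = 0
    for _ in range(trials):
        # One attempt: each factor is defeated with its own probability.
        outcomes = [rng.random() < p for p in probs]
        hits += combine(outcomes)
    return hits / trials

# Constructed sample values (assumptions for illustration, not measurements).
X_BIOMETRIC = 0.02   # x: vulnerability of the biometric factor
Y_PASSWORD = 0.05    # y: vulnerability of the password

def compare(x=X_BIOMETRIC, y=Y_PASSWORD):
    """Password alone versus biometric+password in OR and in AND mode."""
    return {
        "password_only": y,
        "or": or_vulnerability([x, y]),      # equals x + y - xy
        "and": and_vulnerability([x, y]),    # equals xy
        "or_simulated": simulate([x, y], "or"),
        "and_simulated": simulate([x, y], "and"),
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:>14}: {value:.4f}")
```

With any x > 0 and y < 1 the OR result exceeds y by x(1 - y), while the AND result never exceeds y.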
These biometric products might look more secure, but that is just a false sense of security. Many consumers trapped in this false sense of security may well be piling up more of their information assets in cyberspace, while some criminals, aware that those consumers are now less secure, may well be silently waiting for the pig to be fat.
A false sense of security over a threat could be even more troubling than the threat itself. It is a conundrum how so many security professionals can remain indifferent to such a nightmarish situation.
Vice President - ISIS Papyrus Solutions
10 years ago
Thank you. I simply find it practical in mobile devices. Not having to type your very secret password every time (not the minimal four digits), and frankly feeling more secure when you want to show something to somebody else and feel like an idiot hiding the screen while typing it ... Would I like to use it for my ATM? Yes, but solely in addition to the PIN (which is again the poor **** 4-digit code).