Reply to post: Re: Stop blaming the users

Stop resetting your passwords, says UK govt's spy network

Phil W

Re: Stop blaming the users

DNA, fingerprints and other biometric security are actually terrible ideas. Entry-level to mid-level fingerprint scanners are unreliable, prone to getting dirty and being inaccurate, and/or easy to fool; anything decent is expensive. DNA is impractical, as with current technology and anything we're likely to have in the foreseeable future it would simply take too long to authenticate.

Some fingerprint scanners can also be fooled with fingerprints copied onto paper or other material. Do you know of any good mechanism for resetting your fingerprints once they've been compromised, like you would with a password?

Putting aside the practicalities of implementation for a moment, do you really want to secure valuable things using your DNA or fingerprints? If it's valuable enough you're just encouraging someone to remove your fingers or blood which is both bad for you and not terribly secure since fingers are far more easily broken than a complex password.

Also at least with passwords you can either hand them over and potentially not be harmed, or lie to the person trying to get it from you (not necessarily a good idea but it's an option).

Reliably extracting data from someone's mind is next to impossible. As much as the security services would like you to believe torture (sorry, enhanced interrogation) is effective, it often isn't and could easily lead to death before the correct information is retrieved.

As for a "quantum approach", what form do you envision that taking? Sure, quantum computing could open up some more advanced avenues of encryption, but strength of encryption is rarely the main security issue these days; rather, it is the nature of the key used to unlock it, whether that be a password/passphrase or physical key of some sort. These can all be cracked/lost/forgotten/stolen etc.

The real future (and even present) of secure authentication is two (or higher) factor authentication, whether that be multiple code entries or physical factors like RFID/smartcards.
