RE: Biometrics (was Re: [fw-wiz] Username password VS hardware token plus PIN)
From: Eugene Kuznetsov (eugene_at_datapower.com)
To: "'Devdas Bhagat'" <email@example.com>, <firstname.lastname@example.org> Date: Tue, 12 Apr 2005 08:33:59 -0400
> -----Original Message-----
> From: email@example.com
> [mailto:firstname.lastname@example.org] On Behalf
> Of Devdas Bhagat
> > The implementation doesn't matter if the attacker set
> believes that they
> > can breach the system. For instance, if a rumor starts
> that iris scanners
> > in ATMs open up if you pop out an eyeball and hold it on
> the end of a pen,
> > there will be a bunch of one-eyed victims running around
> _even if the
> > premise is untrue_.
> Anyone feel like continuing to use or recommend biometrics?
> I would *much* rather be safe.
This is a very good point. With passwords, you may be physically harmed to
extract the knowledge from you, but at least it's dependent on how resistant
you are to giving it up!
Anyone else care to comment or offer a reason why this isn't a problem?
\\ Eugene Kuznetsov, Chairman & CTO : email@example.com
\\ DataPower Technology, Inc. : Web Services security
\\ http://www.datapower.com : XML-aware networks
firewall-wizards mailing list