Re: Biometrics and AD
From: Ted Zieglar (teddyz_at_notmail.com)
Date: 09/07/05
- Next message: Yogesh Mehta [MSFT]: "Re: IIS 6.0 cannot download a Verisign CRL !!"
- Previous message: JR: "Re: DC reg change"
- In reply to: Miha Pihler [MVP]: "Re: Biometrics and AD"
- Next in thread: RickB: "Re: Biometrics and AD"
- Reply: RickB: "Re: Biometrics and AD"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 7 Sep 2005 13:28:42 -0400
Thanks to all for responding. I understand the limitations.
-- Ted Zieglar "You can do it if you try." "Miha Pihler [MVP]" <mihap-news@atlantis.si> wrote in message news:Oe8XB%238sFHA.3264@TK2MSFTNGP12.phx.gbl... > I can agree with this. I would go with some recommendations to use > biometrics for _identification_ only (e.g. instead of me writing in > username -- computer figures it out from my fingerprint and e.g. doesn’t > give me any other option to provide PC with username) but not use biometrics > for authentication (e.g. for authentication you could still use e.g. smart > card or one time password or ...)... > > There are also other issues to consider. What will you do if someone manages > to forge my fingerprints (this is quite possible specially with a lower > priced solutions and we leave our fingerprints just about everywhere – even > on smart cards ;-) -- ) -- how will you now allow me to access company > network? It will be pretty hard for me to change my fingers :-)... while it > is pretty easy to change password and even username! > > Just some thoughts on the subject that should usually get an answer before > you decide to implement any biometric solution. > > -- > Mike > Microsoft MVP - Windows Security > > > "Jason Viers" <spam@beanalby.net> wrote in message > news:OBPUs47sFHA.3040@TK2MSFTNGP14.phx.gbl... > > Ted Zieglar wrote: > >> Sorry to stick my nose in here, but the subject of biometrics is so > >> interesting to me. > >> > >> I believe that currently Microsoft doesn't recommend biometric logon for > >> applications needing a high level of security. Can you see this happening > >> in > >> the future, or does Microsoft have to wait for the hardware to advance? > > > > The main problem I see with fingerprint biometrics is it's very easily > > fooled, using only materials from a hobby store and an item that has a > > valid user's fingerprint on it. > > > > http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci833464,00.html > > > > ---------------- > > > > I haven't investigated biometric authentication much, but it seems there's > > another problem for all biometric authentication methods - permanence of > > keys. Let's say that retinal scans is much more difficult to duplicate, > > so my company implements that. Someone really wants to get in, so they > > jump through some amazing hoops, spend a couple grand, and manage to make > > a fake duplicate retina of our CEO. > > > > In the normal password or smartcard world, it'd be no problem -- just give > > them a new password and/or smartcard. But the CEO only has one retina, > > and it's been permanently compromised. That method of verifying the CEO > > no longer works, and there's nothing we can do about it. > > > > The fact that I only have one set of biometric data points, which are > > duplicable, makes me worried about anyone using them to authenticate me. > > > > I can see biometrics being used in conjunction with smartcards and/or > > passwords as another fence for intruders to hurdle, but not as a > > standalone method for authentication. > > > > Jason > >
- Next message: Yogesh Mehta [MSFT]: "Re: IIS 6.0 cannot download a Verisign CRL !!"
- Previous message: JR: "Re: DC reg change"
- In reply to: Miha Pihler [MVP]: "Re: Biometrics and AD"
- Next in thread: RickB: "Re: Biometrics and AD"
- Reply: RickB: "Re: Biometrics and AD"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
