[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Auth]Other than password

From: Mige Harimurti
Subject: Re: [Auth]Other than password
Date: Tue, 31 Jul 2001 14:38:39 +0700

At 13:19 7/31/01 +1000, you wrote:

Mige Harimurti wrote:

> Hi ...
> I'm working for biometric, focusing with fingerprint. [...]
> The comparison process can be on the server or in the user side.

How is this any more secure than passwords?  If a cracker
sniffs the packet containing the biometric data, it can
be replayed just as easily as a password can.  i.e. once
they sniff my fingerprint data, they can pretend to be me.

Of course if they got the data.
It just another alternative than password.
But you don't have to remember the password.
I think the fingerprint method will be much cheaper in the near future.
So It will be, in my vision, more common to see a little gadget with fingerprint device. e.g. mouse, pda, mobile-phone or notebook with fingerprint sensor. Or as add-on card with PCMCIA.

Are you using tamper-proof fingerprint scanners with
end-to-end challenges and digital signatures to validate the
scan in real time?  If not, the security this provides isn't
all that useful.

No. Not for now.




reply via email to

[Prev in Thread] Current Thread [Next in Thread]