[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Auth]Other than password

From: John
Subject: Re: [Auth]Other than password
Date: Tue, 31 Jul 2001 21:39:00 -0500

Norbert Bollow wrote:
> > The problem with biometric ID is that you can't change it, once it has been
> > copied. If somebody is able to make contact lenses that the biometric id
> > checker mistakes for your eyes, than you can't just rip your eyes off and
> > get a new pair. I have my reservations about this technology.
> Good point.
> Also someone might be able to intercept the data that is passed
> to the computer from the camera (or whatever) that obtains the
> raw biometric information.  This may be a simpler way in which
> your biometric ID could potentially be faked.

Of course this is really outside of DotGNU, if we design with the
assumption that a user's password and username must be secured at all
points in the transaction *regardless of the source of that password*,
then we've done our job with due diligence. Truthfully, if you can fake
retinal scan data without an eyeball n'ala "Demolition Man", then you
can use the same technology to provide an overide.

Truthfully though, it's the responsibility of the maker of biometric
equipment to make sure they don't expose cleartext. We can suggest a
technological solution, but perhaps we can't enforce one?

John Le'Brecage

reply via email to

[Prev in Thread] Current Thread [Next in Thread]