497
submitted 11 months ago by misk@sopuli.xyz to c/technology@lemmy.world
you are viewing a single comment's thread
view the rest of the comments
[-] ExpensiveConstant@kbin.social 3 points 11 months ago

How are biometrics fundamentally insecure?

[-] snooggums@kbin.social 18 points 11 months ago* (last edited 11 months ago)

If it is low detail enough to consistently 'work', it isn't complex enough to be better than something like a chip and pin approach.

They are repeatedly bypassed with easy hacks like silly putty and photographs. People's biometrics are not unchanging. Burned fingers, swollen eyes, and sore throats are things that can change enough to make biosecurity unreliable. That is before cold and heat and how they effect biological things!

That is all before you take into account the fact that some people don't have whatever is being used. Have fun using eye based biosecurity on someone with cataracts or is missing their eyes entirely due to injury or just being born without them fully developed. Or they have a physical issue that makes it hard for them to interact with the bio reader. Stephen Hawking needing to lean towards a mounted eye scanner would be impossible for example.

So either you have mediocre security that allows for a lot of false positives to get through or you end up having to add a bypass system for when it fails, and now you have two ways that security can be defeated! A non-biological solution with two factor authentication of an item and a PIN or other knowledge piece is far more secure than biosecurity can ever be.

So already insecure, but in addition to that anyone with physical access to the person can force them to do the biosecurity. Police are able to force someone to put their finger on their phone, or look at the screen for a face unlock. Maybe they aren't legally able to, but it is a good example of not being secure.

[-] Rustmilian@lemmy.world 5 points 11 months ago* (last edited 11 months ago)

I couldn't have said it better.

Not to mention that a company could easily harvest this information, just look at FTC for example.

[-] bilb@lem.monster -5 points 11 months ago

Well I could have, but simply chose not to.

[-] snooggums@kbin.social -4 points 11 months ago
[-] TORFdot0@lemmy.world 3 points 11 months ago

They aren't 100% reliable and it has its' challenges based on its implementation but I wouldn't consider it fundamentally insecure. It's as secure as a NFC token, TOTP, or a push notification as a form of authentication. It's like birth control, no method is 100% safe and effective, but plain username and password auth is like pulling out, anything is better than that.

this post was submitted on 22 Nov 2023
497 points (98.6% liked)

Technology

59374 readers
3467 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS