At 4:06 PM -0800 1/28/02, [EMAIL PROTECTED] wrote: >at least part of the fingerprint as a PIN ... isn't the guessing issue &/or >false positives .... it is the forgetting issue (and the non-trivial number >of people that write their PIN on the card).
Or to state it another way. These cards attempt to use two factor authentication, what you have (the card) and what you know (the PIN). When a user writes the PIN on the card, it becomes one factor authentication. Almost anything that returns it to being two factor security would be an improvement. (Biometrics offers the possibility of 3 factor authentication. What would be really nice is to be able to have the same PIN/password for everything. With frequent use, forgetting it would be less of a problem, as would the temptation to write it down. However, such a system would require that the PIN/password be kept secret from the verifier (including possibly untrusted hardware/software used to enter it. Cheers - Bill ------------------------------------------------------------------------- Bill Frantz | The principal effect of| Periwinkle -- Consulting (408)356-8506 | DMCA/SDMI is to prevent| 16345 Englewood Ave. [EMAIL PROTECTED] | fair use. | Los Gatos, CA 95032, USA --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
