MC wrote:
...
You can't dictionary brute force a fingerprint remotely, and you can't forget
your finger :)
Good fingerprint authentication is better than passwords in dare I say every way, EXCEPT
for when you are a high profile target who might be stalked for finger access. The
hordes of people out there using simple passwords like "password" would be
better protected with any biometric.
I disagree.
Depending on the strength of the fingerprint device, the quality
of the fingerprint scan may be quite low.
In some cases, there have been fingerprint authentication
devices for PCs that have been fooled by very simple methods
of copying the fingerprint.
The fingerprint alone should never be enough to log you in,
despite what they show on movies.
The same is true for tokens that require PINs rather than just
the device themselves.
Ideally fingerprint'ing should only stand in place of entering in
your username - ie identifying you - and still require a password.
This falls in line with its use by law enforcement agencies:
to help them identify people who were possibly present.
Darren
_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org
