[EMAIL PROTECTED] wrote: > I would bet that comparatively few businesses would be interested in > deploying such devices if one-on-one wetware supervision of the > authentication process was required. Asked to rate the desirable attributes > of such a system, I bet that "automation" beats out "increased accuracy" > every time.
Yeah, just like ease of use beats out security in most cases. The point to drive home here is that businesses are more interested, it would seem, in a security blanket than actual security. Like Jay is fond of saying, the snake oil salesmen are the only ones seeming to move product in this economy. But the problem exposed by the recent rash of biometric spoofing papers and reports is a much more fundamental one than just biometrics being inherently insecure (which they are not, they just need to be used as part of a security system, not as a magic bullet). The problem as I see it is that everyone is paying lip service to security, but what companies really want is impossible: 1. Completely secure systems 2. Completely automated security 3. Completely unobtrusive security 4. Low or no cost solutions As most security pros will tell you, any *two* of these alone would be almost certainly mutually exclusive, and 1. is a myth anyway! It seems that companies want the security, but the second that management is incovenienced by it, exceptions are made. And sysadmins... don't get me started here. Most sysadmins could care less about security. And those who want to care don't have the time or motivation to learn what they need to know! -Josh -- Josh Glover <[EMAIL PROTECTED]> Associate Systems Administrator INCOGEN, Inc.