[CS-FSLUG] Fingerprint system
Josiah Ritchie
josiah.ritchie at gmail.com
Tue Sep 25 07:16:58 CDT 2007
On 9/25/07, Greg Slade <grgaslists at rogers.com> wrote:
> > I have had 3 laptops over the last few years with
> > fingerprint scanners. They're actually quite nice, because
> > I can set some abhorent password that I don't really need
> > to remember, because I swipe my finger to login. And no
> > one else can get into my stuff as a result.
>
> Actually, while biometrics are all the rage, they're apparently not all
> that accurate. I've read that all you need to fool the fingerprint
> scanners built into laptops is some Silly Putty. So if you can set your
> laptop to require *both* a fingerprint *and* a password, that would
> certainly be more secure.
I used to run a site called linuxbiometrics. I've passed it on to
someone else, but I picked up a good deal of info in the process.
This is only true of older systems. They are now doing something they
call liveness testing which means in order for silly putty to work
they would have had to pickup your fingerprint from somewhere (off a
glass) that was rather impressive and somehow warm the putty to a
temperature that suggest blood pumping through the silly putty. Some
may also be concerned with color. Liveness testing becomes a problem
in extremely cold places like Nathan is in when you've just walked in
from walking outside in -10 degree whether your hand has to warm up
some before you can use such devices. There are other types of
liveness testing for things like retina scans, vein scans and facial
scans. I've had all these done to me.
In the case of a school, fooling it with silly putty is an unlikely
scenario because you're probably not going to have the time to
implement it before the person hovering over the line is aware or the
guy behind you gets annoyed that you're holding up the line while
playing with silly putty. I'm generally opposed to the usage of
biometrics where it is replacing a password. I think it should be used
as a username equivalent, but not a password. That said, I don't see
the cultural shift. Too many people think their laptops are secure
because they have a fingerprint scanner. All that does is enter your
password. It's only as secure as your password so this is simply a
device of convenience.
By the way, my understanding is that gummy bears work equally well
depending on the fingerprint scanner. :-) And, yes, the fingerprint
must be lifted onto the gummy bear or silly putty.
My $0.02,
JSR/
--
Our Mission
Technology and Hospitality for God's Workmen
http://missions.ritchietribe.net
More information about the Christiansource
mailing list