Results 1 to 10 of 10

Thread: Fingerprints NEVER Trust them

  1. #1
    Gold Member irneb's Avatar
    Join Date
    Apr 2007
    Location
    Jhb
    Posts
    625
    Thanks
    37
    Thanked 111 Times in 97 Posts

    Fingerprints NEVER Trust them

    Was in two minds as to which forum to post this to. Either tech or spam ... but I thought this might be a better fit:

    http://www.theverge.com/2014/4/15/56...l-the-password

    Probably the most stupid thing in the world is to make use of your fingerprints as a pass key.

    The 2 major flaws are:

    1. Inability to change your fingerprints - so after a database is compromised that's it (and face it many sites have been compromised in the past and they certainly won't be the last). You're stuck with 10 chances for life, unless you want to start using your toes or get a finger transplant
    2. The more scary version: Using your fingerprints as a pass key is worse than tattooing your password on your hand. You're basically making a physical copy of your pass key on everything you ever touch. It's more like writing your password down on everything around you, ever, throughout your entire lifespan. Are you going to keep wearing gloves?


    And that's not even trying to consider any further problems like the level of hashing - the stronger the hashing the more finicky the password scanner becomes. The more usable it is the more chance that someone else's fingerprint might be recognized as yours. Or even worse - you're now using the same "password" for everything from your bank account to your facebook login to the password for this site.

    So fingerprints (contrary to actually making a better pass key) has all the problems of passwords (e.g. forgetting which finger you used and at what angle you pressed), but adds some scary ones of their own.
    Gold is the money of kings; silver is the money of gentlemen; barter is the money of peasants; but debt is the money of slaves. - Norm Franz
    And central banks are the slave clearing houses

  2. Thanks given for this post:

    adrianh (16-Apr-14)

  3. #2
    Gold Member
    Join Date
    Mar 2012
    Location
    Vanderbijlpark
    Posts
    886
    Thanks
    83
    Thanked 381 Times in 298 Posts
    You also have an outstanding chance of having said finger forcibly removed in good old RSA.

  4. Thanks given for this post:

    Chrisjan B (16-Apr-14)

  5. #3
    Gold Member irneb's Avatar
    Join Date
    Apr 2007
    Location
    Jhb
    Posts
    625
    Thanks
    37
    Thanked 111 Times in 97 Posts
    It seems we're going to be forced to use this absolutely inferior "passkey": http://businesstech.co.za/news/softw...st-sa-economy/

    Looking forward, he said that the fingerprint technology will see users making use of their fingerprint to make online mobile payments, purchase merchandise offline and sign into online banking, without making use of codes or credit card details.
    Wow! So instead of giving just your ICV number to the one party you're purchasing from, you give your fingerprint to every one who walks past the same lamp post you touched. That's soooooo "intelligent" isn't it?
    Gold is the money of kings; silver is the money of gentlemen; barter is the money of peasants; but debt is the money of slaves. - Norm Franz
    And central banks are the slave clearing houses

  6. #4
    Diamond Member adrianh's Avatar
    Join Date
    Mar 2010
    Location
    Cape Town
    Posts
    5,089
    Thanks
    336
    Thanked 808 Times in 642 Posts
    Some companies take all ten prints and ask for a specific one at random...
    How easily someone is offended is directly proportional to how stupid they are.
    ~GS Elevator

  7. #5
    Diamond Member Justloadit's Avatar
    Join Date
    Nov 2010
    Location
    Johannesburg
    Posts
    2,671
    Thanks
    88
    Thanked 544 Times in 460 Posts
    Blog Entries
    1
    What they are not considering, is that a number of the population will have a huge problem being identified, as their finger prints on many occasions are worn down by the kinda work they do. One which immediately comes to mind is brick layers, the handling of bricks acts like sand paper on the fingers. Also many of the other manual type of work, which requires the handling of material will also affect the finger prints.
    Victor - Knowledge is a blessing or a curse, your current circumstances make you decide!
    Solar and LED lighting solutions - www.microsolve.co.za

  8. #6
    Gold Member irneb's Avatar
    Join Date
    Apr 2007
    Location
    Jhb
    Posts
    625
    Thanks
    37
    Thanked 111 Times in 97 Posts
    Quote Originally Posted by adrianh View Post
    Some companies take all ten prints and ask for a specific one at random...
    That makes the cardinality 10 ... with a very "insecure" password of 3 letters all upper-case alphabetical the cardinality is 26 x 26 x 26 = 17576. So then someone just has to go to the tread-mill you've just finished with at the gym and they've got all 10 your "passwords". Even if they then figure out that someone screwed up by not noticing which finger went where - and they tried all 10 ... it's still impossible for YOU to change those.

    Quote Originally Posted by Justloadit View Post
    What they are not considering, is that a number of the population will have a huge problem being identified, as their finger prints on many occasions are worn down by the kinda work they do. One which immediately comes to mind is brick layers, the handling of bricks acts like sand paper on the fingers. Also many of the other manual type of work, which requires the handling of material will also affect the finger prints.
    Very good point also! I had this with a clock-in system at work. Was doing some house repairs over a weekend and on Monday the reader wouldn't accept my print.
    Gold is the money of kings; silver is the money of gentlemen; barter is the money of peasants; but debt is the money of slaves. - Norm Franz
    And central banks are the slave clearing houses

  9. #7
    Platinum Member pmbguy's Avatar
    Join Date
    Apr 2013
    Location
    PMB
    Posts
    2,094
    Thanks
    310
    Thanked 254 Times in 230 Posts
    What about finger/hand tsotsi's? Not for me thanks

  10. #8
    Gold Member Houses4Rent's Avatar
    Join Date
    Mar 2014
    Location
    Cape Town
    Posts
    761
    Thanks
    7
    Thanked 55 Times in 51 Posts
    Is it really that easy to lift a finger print and make it usable? How woudl one do that? I remember when the cops brought their "specialist" I ended up with a royal mess from all that black powder and no usbale finger print harvested. I decided there and then that I will never allow that again as the cleaning up is just too much hassle. It even went into the wood grain of my old furniture.
    Houses4Rent
    "We treat your investment as we treat our own"
    marc@houses4rent.co.za www.houses4rent.co.za
    083-3115551
    Global Residential Property Investor / Specialized Letting Agent & Property Manager

  11. #9
    Full Member lewskannen's Avatar
    Join Date
    Feb 2011
    Location
    Johannesburg
    Posts
    38
    Thanks
    0
    Thanked 8 Times in 5 Posts
    Quote Originally Posted by Houses4Rent View Post
    Is it really that easy to lift a finger print and make it usable? How woudl one do that? I remember when the cops brought their "specialist" I ended up with a royal mess from all that black powder and no usbale finger print harvested. I decided there and then that I will never allow that again as the cleaning up is just too much hassle. It even went into the wood grain of my old furniture.
    Yes, it is.

    We actually tried this on a laptop. We had the owner drink from a tin of coke. We lifted the fingerprint, processed and printed it. We managed to log into the system without any issues.

    Normally, this software identifies a couple of unique features to a fingerprint. It is these same features it uses to authenticate the user. As long as you lift and print the fingerprint in almost the same size, you will gain access to the system.

    For some time now fingerprints alone have not been a secure method of authentication.

    Here is a nice DIY for doing just this - http://www.instructables.com/id/How-...stem-As-Easy-/

  12. Thanks given for this post:

    irneb (17-Jun-14)

  13. #10
    Gold Member irneb's Avatar
    Join Date
    Apr 2007
    Location
    Jhb
    Posts
    625
    Thanks
    37
    Thanked 111 Times in 97 Posts
    And a new update on this: http://www.computerworld.com/article...he-future.html

    WTF? Really? So now it's you face they want to recognise! I.e. everyone ... go tattoo your current password on your forehead and from now on you're not allowed to change it ever again!

    I can't believe these guys. Can't they even just think slightly further than "Uhm ... everyone has a unique face / fingerprint / iris / etc. don't they?"
    Gold is the money of kings; silver is the money of gentlemen; barter is the money of peasants; but debt is the money of slaves. - Norm Franz
    And central banks are the slave clearing houses

Similar Threads

  1. Trust Financials
    By Angelee in forum Accounting Forum
    Replies: 2
    Last Post: 09-Jan-14, 07:47 AM
  2. Tax Advice - CC vs PTY LTD vs Trust?
    By Norri in forum Tax Forum
    Replies: 9
    Last Post: 29-Apr-13, 05:12 PM
  3. Who do you trust
    By ians in forum General Chat Forum
    Replies: 3
    Last Post: 22-Dec-12, 06:00 PM
  4. [Question] Changing from Trust to CC
    By StephanieB in forum Tax Forum
    Replies: 4
    Last Post: 04-Dec-12, 03:01 PM

Did you like this article? Share it with your favourite social network.

Did you like this article? Share it with your favourite social network.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •