Wednesday, February 18, 2009

Facial Recognition and Biometrics

Slashdot points to an article describing the "cracking" of facial recognition software used as an alternative login for some laptops. It may be a liberal use of the term "cracking," but it's yet another reason why biometrics should be used sparingly (if at all) and as a single factor in a multi-factor authentication system. It's just too easy to capture and reproduce human qualities that most biometric readers will believe. Try revoking those credentials.

Someone in the identity movement should contact Hollywood and tell them to knock off the sci-fi authentication schemes. I'm convinced that is where much of this biometric craze originates. Isn't painful to watch a show where biometrics provide the "strong" security (which actually offer trivial protection), and the next scene has a ciphertext or firewall being cracked in seconds? I'm talking to you, 24.

No comments: