from the how-about-biometrics-AND-passwords? dept.
ZDNet has an article on the newest Windows "security" feature.
"At the WinHEC conference in China today, Microsoft showed off a new biometric authentication feature called Windows Hello. The ambitious technology, which uses fingerprint and iris recognition to replace passwords, will debut in Windows 10 devices later this year."
I have used fingerprint devices for security purposes and I was personally underwhelmed with the product. Do you know that old people don't read well on fingerprint readers? Skin is too dry. People with manual-labor-type jobs have trouble with them as well, as they can scour the fingerprints off their fingers. I found them to be much more trouble than they were worth.
Does anyone really think this is a good idea? I know passwords are a problem, but my experience with biometric security tells me this is not the answer.
(Score: 5, Insightful) by Anonymous Coward on Thursday March 19 2015, @11:35AM
Why the hell would I want to give away my fingerprints in the first place? Passwords are good because they can be changed easily and don't require surrendering revealing information.
(Score: 1, Funny) by Anonymous Coward on Thursday March 19 2015, @11:40AM
You might be revealing information if your password is iL!kE2s^ckC0ck.
(Score: 3, Insightful) by gmrath on Thursday March 19 2015, @11:45AM
Easy to change one or all passwords. Really tough to change fingerprints. Of course, if fingerprint security on your computer or whatever has been compromised, you've got a lot more to worry about. Or, maybe not. Horse already out of the barn because the door's been stolen. Along with the barn and probably everything else.
(Score: 1, Informative) by Anonymous Coward on Thursday March 19 2015, @12:06PM
> Why the hell would I want to give away my fingerprints in the first place?
According to the article you don't. The biometrics never leave the device; they become part of a multi-factor system where possession of the device and your biometrics are two of the factors. Based on my experience working on IAFIS [wikipedia.org], even the device itself won't store a copy of your print, just a hash of the minutiae. That doesn't mean the hash won't be reversible, but if they do it right it won't be.
(Score: 4, Insightful) by Nerdfest on Thursday March 19 2015, @12:40PM
This is all based on Microsoft being trustworthy and doing what they say. Based on how they work with the NSA et al, they do not have my trust.
(Score: 4, Disagree) by frojack on Thursday March 19 2015, @07:02PM
Exactly.
If Microsoft wanted to improve security they could start by allowing client side encryption of their cloud storage with user specified keys.
Instead we get more information gleaned by an untrustworthy vendor.
No, you are mistaken. I've always had this sig.
(Score: 2, Insightful) by Anonymous Coward on Thursday March 19 2015, @07:44PM
You would trust microsoft to keep your client-side encryption key secure.
But you wouldn't trust microsoft to keep your client-side biometric key secure.
Do you see the logical inconsistency of your position?
(Score: 4, Touché) by quadrox on Thursday March 19 2015, @12:42PM
That doesn't mean the hash won't be reversible, but if they do it right it won't be.
Yeah... because Microsoft has such a great track record of doing things right...
(Score: -1, Troll) by Anonymous Coward on Thursday March 19 2015, @01:17PM
Huh huh, you slammed micro$oft! dur...
(Score: 1) by GreatAuntAnesthesia on Thursday March 19 2015, @04:58PM
What, you're saying they are too easy a target?
(Score: 0) by Anonymous Coward on Thursday March 19 2015, @05:33PM
Yeah, its like making fat jokes about chris christie.
After the millionth time it ain't funny and it definitely ain't clever, it's just a way for someone to signal their tribal affiliation.
Which is really redundant on a site like this.
(Score: 5, Informative) by VLM on Thursday March 19 2015, @12:43PM
Root the device once to store the image, or obtain the image some other way, print the image out, wave the image in front of the scanner, and you pwn the victim for all eternity, not just "till they change their password".
(Score: 2) by Wootery on Thursday March 19 2015, @04:13PM
the device itself won't store a copy of your print, just a hash of the minutiae
How does that work, given that the system has to cope with small deviations on each read, and that hash functions are designed to produce totally different values even for inputs which differ by only a tiny degree?
(Score: 1, Informative) by Anonymous Coward on Thursday March 19 2015, @05:36PM
You don't hash the image. You calculate the locations of the minutiae relative to each other, then you quantize those locations so they are binned. Then you hash the bins.
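As an added illustration of the binning scheme described in the two posts above (not code from the article, from Microsoft, or from the commenters), here is a small Python model: pairwise distances and angle differences between minutiae are quantized into bins, sorted, and hashed, so the stored value is a digest rather than an image. The minutiae coordinates, bin widths and the three readings are constructed sample data. The edge-of-bin reading shows the caveat a practitioner should expect: an exact hash match only tolerates noise that stays inside a bin, so a two-pixel shift that happens to cross a bin edge produces a false reject, which is why deployed matchers score similarity against a threshold rather than compare a single hash.

```python
import hashlib
import math

# Constructed sample minutiae for one finger: (x, y, ridge_angle_degrees).
# Real templates carry dozens of points; four is enough to show the idea.
ENROLLED = [(120, 80, 30), (200, 150, 95), (90, 210, 170), (250, 60, 10)]
# Same finger read again, one point jittered by one pixel and one degree.
REREAD_OK = [(121, 81, 31), (200, 150, 95), (90, 210, 170), (250, 60, 10)]
# Same finger, one point shifted two pixels so one pair distance crosses a bin edge.
REREAD_EDGE = [(122, 80, 30), (200, 150, 95), (90, 210, 170), (250, 60, 10)]
# A different finger (constructed).
OTHER = [(10, 10, 0), (60, 10, 0), (10, 60, 0), (60, 60, 0)]


def relative_features(minutiae):
    """Pairwise (distance, angle difference) for every pair of minutiae.

    Relative values, not absolute coordinates, so the same finger placed
    elsewhere on the sensor or rotated yields the same set of features.
    """
    feats = []
    for i in range(len(minutiae)):
        for j in range(i + 1, len(minutiae)):
            x1, y1, a1 = minutiae[i]
            x2, y2, a2 = minutiae[j]
            feats.append((math.hypot(x2 - x1, y2 - y1), (a2 - a1) % 360))
    return feats


def quantize(feats, dist_bin=10.0, angle_bin=15.0):
    """Bin each feature so small read-to-read noise maps to the same integers.

    Sorted after binning so the hash does not depend on detection order.
    Bin widths are assumptions chosen for the example.
    """
    return sorted((int(d // dist_bin), int(da // angle_bin)) for d, da in feats)


def template_hash(minutiae):
    """Hash of the binned relative features: the value stored instead of the image."""
    bins = quantize(relative_features(minutiae))
    canonical = ";".join(f"{d},{a}" for d, a in bins).encode()
    return hashlib.sha256(canonical).hexdigest()


def verify(stored_hash, reading):
    """Exact-match verification: with only a hash stored, equality is all you can test."""
    return template_hash(reading) == stored_hash


if __name__ == "__main__":
    stored = template_hash(ENROLLED)
    print("jittered re-read accepted:", verify(stored, REREAD_OK))
    print("edge-of-bin re-read accepted:", verify(stored, REREAD_EDGE))
    print("other finger accepted:", verify(stored, OTHER))
```

Shifting every point by the same whole-pixel offset leaves the hash unchanged, because only relative distances and angles are binned; the edge-of-bin case fails only because one pairwise distance moved from the 130-139 bin into the 120-129 bin.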
(Score: 3, Insightful) by WizardFusion on Thursday March 19 2015, @11:42AM
If you have something secured with a fingerprint, and someone *really* wants it, they will just chop off your finger.
Iris scans are harder to get, but still not impossible
Passwords will never go away, not in our lifetime.
(Score: 1, Insightful) by Anonymous Coward on Thursday March 19 2015, @12:12PM
> If you have something secured with a fingerprint, and someone *really* wants it, they will just chop off your finger.
If you have something secured with a password, and someone *really* wants it, they will just beat it out of you.
Security is never about absolutes, it is about cost to crack versus cost to secure. Biometric systems can be an improvement over passwords for many use cases. Especially for the average user who just needs it to protect against someone stealing their phone.
(Score: 0) by Anonymous Coward on Thursday March 19 2015, @01:39PM
And you don't think "one finger" is too high a cost?
The cost of a knife vs the cost of a finger.
(Score: 0) by Anonymous Coward on Thursday March 19 2015, @05:49PM
> And you don't think "one finger" is too high a cost?
> The cost of a knife vs the cost of a finger.
By that logic beating the shit out of you is even cheaper since you don't even need a knife for that.
(Score: 0) by Anonymous Coward on Friday March 20 2015, @08:59AM
But I can stop it at any time, by simply telling them the password. Thus the cost of breaking the security will not become larger than the value being secured.
When they come to chop off your finger, you can't give them your finger to stop the pain, the cost will be your finger whether or not you're willing to pay that cost.
(Score: 2) by sjames on Thursday March 19 2015, @09:34PM
At least when you recover you'll have all of your fingers. I imagine in the fingerprint scenario, after they beat you and hack your finger off, they won't be nice enough to re-attach it for you.
(Score: 0) by Anonymous Coward on Thursday March 19 2015, @09:43PM
Or they just kill you because they are criminals who obviously don't give a damn about you and if you are dead you can't ID them.
If you want to argue about extreme cases, you don't get to pretend that the people involved won't take extreme actions if it benefits them.
(Score: 3, Insightful) by Thexalon on Thursday March 19 2015, @12:17PM
In the extreme, yes, that would work, but it's not actually necessary. Instead of taking the actual finger, you target the fingerprint scanner driver, create a copy of the data the user successfully used to log in, and then replace the real driver with something that just sends the copied data whenever it's asked for a fingerprint. And no, hashing or encrypting doesn't get around this problem, because at some point the data exists in a non-encrypted form.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
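A Python model of the driver-replay attack described in the post above, added here and not part of the post or of any Microsoft code: in the first design the sensor hands the host a template and the host compares a hash of it, so a trojaned driver that kept a copy of one successful reading can log in without the finger ever again, exactly as described. The second design is the textbook countermeasure (matching happens on the sensor and the yes/no result is bound to a fresh host nonce with a key the host can verify); it is included as an assumption about how such a system could be built, not a statement of how Windows Hello works. All class names, the finger identifiers and the key handling are constructed for the example.

```python
import hashlib
import hmac
import os


def extract_template(finger):
    """Constructed stand-in for minutiae extraction: same finger -> same bytes."""
    return hashlib.sha256(b"minutiae:" + finger).digest()


class ReplayingDriver:
    """Trojaned driver: passes data through but keeps a copy of the last item."""
    def __init__(self):
        self.captured = None

    def forward(self, item):
        self.captured = item
        return item

    def replay(self):
        return self.captured


# ---- Design A: sensor returns the template, host hashes and compares ----

class HostVerifierA:
    def __init__(self):
        self.enrolled = None

    def enroll(self, template):
        self.enrolled = hashlib.sha256(template).digest()

    def login(self, template):
        return hmac.compare_digest(hashlib.sha256(template).digest(), self.enrolled)


def design_a_replay_succeeds():
    host, driver = HostVerifierA(), ReplayingDriver()
    host.enroll(driver.forward(extract_template(b"alice-right-index")))
    assert host.login(driver.forward(extract_template(b"alice-right-index")))
    # No finger present: the driver replays the template it recorded.
    # Hashing on the host changes nothing, the plaintext passed through the driver.
    return host.login(driver.replay())


# ---- Design B: match on the sensor, result bound to a host nonce ----

class MatchOnSensor:
    """Sensor keeps the template and a key; the host never sees the template."""
    def __init__(self, key):
        self._key = key
        self._enrolled = None

    def enroll(self, finger):
        self._enrolled = extract_template(finger)

    def authenticate(self, finger, nonce):
        matched = hmac.compare_digest(extract_template(finger), self._enrolled)
        msg = nonce + (b"\x01" if matched else b"\x00")
        return msg, hmac.new(self._key, msg, hashlib.sha256).digest()


class HostVerifierB:
    def __init__(self, key):
        # Assumption: key shared at provisioning and held where the attacker
        # who replaced the driver cannot read it (e.g. a TPM or secure element).
        self._key = key
        self.nonce = None

    def challenge(self):
        self.nonce = os.urandom(16)
        return self.nonce

    def login(self, msg, tag):
        ok = hmac.compare_digest(hmac.new(self._key, msg, hashlib.sha256).digest(), tag)
        fresh = self.nonce is not None and msg[:16] == self.nonce
        self.nonce = None  # each challenge is usable once
        return ok and fresh and msg[16:] == b"\x01"


def design_b_replay_fails():
    key = os.urandom(32)
    sensor, host, driver = MatchOnSensor(key), HostVerifierB(key), ReplayingDriver()
    sensor.enroll(b"alice-right-index")
    recorded = driver.forward(sensor.authenticate(b"alice-right-index", host.challenge()))
    assert host.login(*recorded)          # genuine login works
    host.challenge()                      # later session, new nonce
    replay_ok = host.login(*driver.replay())
    forged = host.challenge() + b"\x01"   # attacker has no sensor key
    forge_ok = host.login(forged, hashlib.sha256(forged).digest())
    return replay_ok, forge_ok


if __name__ == "__main__":
    print("design A replay accepted:", design_a_replay_succeeds())
    print("design B (replay, forge) accepted:", design_b_replay_fails())
```

The second design only moves the problem rather than removing it if the verifying key sits in the same host memory the trojaned driver already owns; it helps when the key and the comparison live outside the attacker's reach, which is the point the post makes about unencrypted data existing somewhere.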
(Score: 0) by Anonymous Coward on Thursday March 19 2015, @05:47PM
And even when using actual fingerprints, better ways to get them than cutting off fingers have been demonstrated. Especially ways which only need your fingerprints on e.g. a glass, which is much easier (and much more stealthy) to obtain (ever been to a bar?).
(Score: 3, Insightful) by urza9814 on Thursday March 19 2015, @06:08PM
In many cases all you need is a photocopy of their fingerprint. Worked on Mythbusters ;) And they lifted the fingerprint off a case of blank CDs. Seems it would be very easy for someone to get my fingerprints. *Far* easier than it would be for them to get my password. Particularly since your fingerprints are likely already all over the laptop, so if someone steals your laptop they already have everything they need to access all your data.
(Score: 5, Funny) by Anonymous Coward on Thursday March 19 2015, @11:45AM
Hipsters have young firm skin and they never dirty their pretty hands with work.
(Score: 5, Insightful) by Jaruzel on Thursday March 19 2015, @11:48AM
If your password is compromised, you can change it. It's annoying, but it's not a major problem to fix.
If your fingerprint or iris is compromised, how do you change it? You can't. That's it, everything you access via biometrics is now no longer secure. You might as well go off grid, and keep all your secrets under the mattress.
My daughter's school introduced fingerprint scanning for school meals, and is proposing installing scanners on all the external door locks as well. Although I gave my daughter the choice, I did explain to her the problems of a third party keeping something so personal to her secure. Not to mention that it's a gross invasion of privacy of a minor. She opted out of the system, and is the only girl in the school with an NFC card instead.
What we need is more trust. I never lock the PCs that are in my house. My family and guests have enough respect for each other not to just go messing around without consent. Likewise I don't lock my phone. If I'm dying under a truck I want the emergency services to be able to phone my loved ones - so what if they can see my Facebook or photos...? It's not like I'm carrying around national secrets or anything.
We're all TOO obsessed with passwords and keeping our shit secret. 99% of it is all bollocks anyway. So before you sit down and try to think up this month's super-secure password, ask yourself, 'do I really need to, or will Password1234 just be good enough?'
-Jar
(No, I don't use Password1234 anywhere, so don't bother trying).
This is my opinion, there are many others, but this one is mine.
(Score: 0) by Anonymous Coward on Thursday March 19 2015, @11:57AM
Thanks for the clarification. I'll inform the Chinese SSH bots immediately.
(Score: 0) by Anonymous Coward on Thursday March 19 2015, @12:02PM
> What we need is more trust. I never lock the PCs that are in my house. My family and guests have enough respect for each other
That's great and all. But not everybody is so fortunate to live in those circumstances.
(Score: 2) by acid andy on Thursday March 19 2015, @12:56PM
Err, use a different finger? Or your other eye?
Seriously though, I hate this whole idea and don't want an OS with this invasive technology bundled even if I am given a questionable assurance that I can disable it.
Master of the science of the art of the science of art.
(Score: 0) by Anonymous Coward on Friday March 20 2015, @09:04AM
You may think so now, but I can assure you that once your left eye has been compromised, you are not going to want to risk your right eye.
As for fingers, depends on the person. Some people may be willing to risk getting a few fingers compromised, but most people won't.
(Score: 2) by Freeman on Thursday March 19 2015, @03:54PM
Yeah, here's the problem. Everything we were taught about how to choose a good password was useless. Please see this XKCD comic for clarification. http://xkcd.com/936/ [xkcd.com] Random numbers/capitalization/punctuation do great at keeping someone from guessing your password. It's pretty much useless against a machine. Your best bet is to have a long (easy for you to remember) password. Sure it may take you a second or two longer to type it out, but it's a lot harder to brute force a 40 character long password than it is a 10 character long password. Not taking the steps to keep your stuff secure is up to you. Just don't cry when your identity is stolen by your daughter's boyfriend's sorta friend.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 1, Insightful) by Anonymous Coward on Thursday March 19 2015, @05:54PM
Well, your great 40 character password won't help you if the site only accepts up to 12 characters, but mandates that your password contains at least two digits, two uppercase letters, three lowercase letters and one special character (but please, not outside the set of allowed special characters, which of course is unique to that site).
(Score: 3, Insightful) by Immerman on Thursday March 19 2015, @04:58PM
Actually it seems to me this could be the *perfect* scenario for biometrics.
As so many have pointed out, the actual security delivered by biometrics against a dedicated attacker is low, and pretty much doomed to being permanently compromised. Plus the rather grisly options for low-tech bypass. And I don't really see any way that will ever change. Its only redeeming qualities are convenience and difficulty of being compromised by a casual/opportunistic attacker.
Basically they're perfect for low-importance security and identification systems - go ahead and use them to lock your home PC, your diary, and the school doors. Claim your lunch. It's very unlikely that anyone will go to the effort of compromising them for such small rewards, and if they do, so what? You've lost very little, and there's a dozen other ways they could get the same results with less effort. Just for God's sake don't use biometrics to secure your bank account or nuclear weapon stockpile.
I'd compare them to the security of a physical key - something like 80% of the locks available in the world can be opened in under a minute by someone with just a few weeks of lock-picking training. Plus doors are typically the point of highest security - it's probably even faster and easier to go through a window, wall, or drop-ceiling. That doesn't mean they're useless though; as the saying goes, they keep an honest man honest. One should just always be aware that they offer minimal security against even moderately skilled attackers.
(Score: 2, Insightful) by Anonymous Coward on Thursday March 19 2015, @11:55AM
passwords are good
2FA is good, if you don't mind a privacy loss
biometrics is plain cancer
(Score: 0) by Anonymous Coward on Thursday March 19 2015, @02:51PM
> passwords are good
No, passwords are fucking terrible.
Any good password is hard as shit to remember and you can't reuse them across accounts because if one site gets cracked then all of your accounts are now vulnerable. And then are the sites that expire passwords and make you choose a new one on a regular basis. Holy hell is that a pain in the ass.
Something has to change.
(Score: 1) by Mike on Thursday March 19 2015, @04:01PM
> passwords are good
No, passwords are fucking terrible.
Any good password is hard as shit to remember and you can't reuse them across accounts because if one site gets cracked then all of your accounts are now vulnerable.
Passwords do kind of suck. But I think GP's main point is that biometrics suck more. I.e. biometrics are passwords that are easy to remember, a PIA to use (print scanners I've tried seem to work 1/2-2/3 of the time), MUST be reused across accounts, and if one site gets cracked then all your accounts are now vulnerable.
Something must change.
Fully agree, wish I knew what.
(Score: 0) by Anonymous Coward on Thursday March 19 2015, @05:46PM
> if one site gets cracked then all your accounts are now vulnerable.
That is false for all biometric systems.
Nobody uses the actual biometric image as part of the authentication process.
They use a value derived from it based on their own algorithms.
Stealing that record won't help you get into another site.
Figuring out how to record the original biometric, like lifting their fingerprints off a drinking glass, or taking a photograph of their iris, is another issue. But you can copy a physical key from a surreptitious photograph too. All systems have strengths and weaknesses. The first part of choosing the right tool for a job is to accurately understand those strengths and weaknesses.
(Score: -1, Offtopic) by Anonymous Coward on Thursday March 19 2015, @11:57AM
Should sexist opensource developers have their projects censored or removed?
Recently an opensource game release story was removed due to the game developer's open sexism(0) and harassment(1) of women in tech.
A story posted by the editor of the popular Phoronix linux news site about a release of an Open Source videogame was later manually removed(2). The reason cited was the game developer's unacceptable views on social issues such as gender equality (3).
The release story was titled "Xonotic-Forked ChaosEsqueAnthology Sees New Release - Phoronix" and can be accessed via the google cache(4).
With the recent inclusion of a code of conduct(5) for those wishing to contribute to the Linux Kernel some questions now need to be asked and answered about the inclusion of code from people who are known to engage in or promote socially unacceptable attitudes or harassment of those whom the free-software movement would prefer to attract in their place:
* Are the social or political views of an author of free software relevant to that software's inherent quality?
* Should the beliefs of an opensource developer weigh when evaluating whether a piece of opensource software is worthy of any publicity or public notice?
* Should men with unpopular or "forbidden" views be excised from the opensource movement and "not allowed" to contribute, in a manner similar to that which is done in employment?
* Has the free/opensource software movement changed in these respects since its founding? If so is this a positive change?
* Should there be gatekeepers to opensource that decide who may and who may not contribute. Should abusive developers be "blackballed" to maintain proper social order and controls?
and
* What are the consequences of not doing this
Citations:
(0) Past related incident: http://esr.ibiblio.org/?p=1310 [ibiblio.org]
(1) http://geekfeminism.wikia.com/wiki/Debian_and_LinuxChix_harassment_by_MikeeUSA [wikia.com]
(2) Removed story URL: http://www.phoronix.com/scan.php?page=news_item&px=ChaosEsqueAnthology-Rel-51 [phoronix.com]
(3) http://www.phoronix.com/forums/showthread.php?115776-Xonotic-Forked-ChaosEsqueAnthology-Sees-New-Release/page2 [phoronix.com]
"Fortunately, the article has been removed now."
"Thanks everybody for speaking up."
(4) https://webcache.googleusercontent.com/search?q=cache:JeCIgSFrBlgJ:http://www.phoronix.com/scan.php?page%3Dnews_item%26px%3DChaosEsqueAnthology-Rel-51%2Bchaosesque&gbv=1&tbs=qdr:w&hl=en&&ct=clnk [googleusercontent.com]
(5) Linux "Code of Conflict"
(Score: 5, Insightful) by Justin Case on Thursday March 19 2015, @12:36PM
> fingerprint and iris recognition to replace passwords
No, no NO!!! Why is this repeated so often? It is absurd.
User ID: Anyone can get it, no harm done. Rarely if ever changes. Can use same one for thousands of logins if you want.
Password: Secret, change frequently, especially if you think someone else might have picked up a copy somehow. Different one for every purpose.
Rub your finger or other body part if you are tired of typing your user name. But that does not prove who you are since it is so easy to duplicate. It should still be followed by a password prompt or equivalent. C'mon. This is basic. Easy stuff. Fundamental. Anyone who falls for this fingerprint=password nonsense, including big corporations, should be laughed right out of the technology business and never trusted again until they do a decade of penance, or finally junk Internet Explorer, whichever happens second.
(Score: 2) by bzipitidoo on Thursday March 19 2015, @03:07PM
It's total security theater. After all, why add the label "Enterprise Grade" to it? That can only be marketing nonsense aimed at clueless upper managers.
MS should be laughed out of the technology business. They have amply demonstrated that they don't or won't get it, and are not to be trusted. "Windows Genuine Advantage" was one of the most insulting lies about security that they ever told, topped possibly only by "Trusted Computing". They stuffed WGA in alongside their critical updates to patch their vulnerabilities, as if it was just another security update. The only "advantage" of WGA to the users is that MS says they won't sue them for piracy if WGA approves their software. MS violates our trust and laws, by doing such things as disabling the software of competitors, and sniffing their users' computers for MS software that looks pirated whether it really is or not, and ratting them out and crippling the functionality of the OS. And then MS has the nerve to call such acts "security". Yeah, security for MS, against all of us!
MS could copy the private data of their users, and use that info themselves or turn it over to the government. When they were disabling computers, they were lucky it didn't happen to an important computer during a critical moment, causing damage and death, much the same way that GM's ignition switch did. Given their past history, we can strongly suspect that if MS ever got Trusted Computing established, they would turn it against everyone in a heartbeat, abusing it to enforce DRM on everyone.
(Score: 1, Funny) by Anonymous Coward on Thursday March 19 2015, @05:58PM
Because it has the security level of the USS Enterprise from Star Trek (the one where you say your secret security code aloud to the computer).
(Score: 2) by el_oscuro on Thursday March 19 2015, @10:15PM
Oracle has perfected the art of converting management stupidity into money. Since the supply of management stupidity is endless, Microsoft is trying to cash in too, and this may be the means to do it.
SoylentNews is Bacon! [nueskes.com]
(Score: 5, Insightful) by VLM on Thursday March 19 2015, @12:46PM
It's a funny bifurcation that noobs and journalists hear "enterprise grade" and think "awesome", but a growing segment of society hears "enterprise grade" and hears "expensive ripoff that takes huge amounts of money and labor and doesn't work".
"enterprise grade" Oh shit why couldn't they have bought something that'll actually work?
(Score: 2, Interesting) by Anonymous Coward on Thursday March 19 2015, @12:53PM
In the home construction business "contractor grade" hardware and fixtures sounds better than what a non-professional would buy, but it actually means the cheapest possible shit.
(Score: 2) by sjames on Friday March 20 2015, @12:06AM
Enterprise grade is code for expensive, half finished, and a bazillion minutiae that need to be configured and don't have a useful default, but somehow that doesn't result in even a bit of useful flexibility.
(Score: 0) by Anonymous Coward on Thursday March 19 2015, @01:40PM
Like it or not, welcome to our new biometric future.
Here in Panama, they secretly installed fingerprint scanners at the airports.
Slowly surprising travelers without foreknowledge of the devices they were about to be corralled into.
They paid for a vacation and got a penitentiary.
Nice one America.
You win.
(Score: 0) by Anonymous Coward on Thursday March 19 2015, @10:07PM
Sounds like Japan.
Which is why I will never travel there.
(Score: 0) by Anonymous Coward on Thursday March 19 2015, @02:05PM
Something you have...
Something you know...
Something you are...
Two of these allow for changing it and using a new item as an authenticator. One of them doesn't...
Good luck talking to the IRS saying that it wasn't *YOU* who submitted that false tax return. "But sir, it was secured with biometrics. It *must* have been you. Here's a federal agent that will escort you to the farthest citizen re-education camp."
(Score: 2, Insightful) by Anonymous Coward on Thursday March 19 2015, @02:18PM
Now ALL my Windows accounts are tied to my irl persona! So cross-correlating what PCs I use where and when and what for is as easy as spelling Five Eyes.
(Score: 3, Insightful) by Anonymous Coward on Thursday March 19 2015, @02:30PM
The best scanners now do sub-dermal scanning to pick up the vascular pattern under the skin. Those can be made to work with damaged fingerprints, but cost more.
Fingerprints are a viable username replacement, but a terrible password.
Does anyone else see this as the next version of the MS Live user conversion to make all Windows use require uniquely identifying the actual person with Microsoft? It seems like they're really gunning for that.
(Score: 1, Insightful) by Anonymous Coward on Thursday March 19 2015, @02:51PM
Oh, there is no current state of acceptance in large scale enterprises for biometrics? (Outside of TLAs...)
Then "Enterprise Grade" in this case is just Marketing Bullshit, other than their hope that their product will become the biometric standard that enterprises use.
Moving along....
(Score: 2) by present_arms on Thursday March 19 2015, @04:03PM
Instead of adding useless features like this, how about having a bug crush fest and clean up that shite code first? I'm so tired of fixing windows shit and I'm not on about the vulnerabilities , I'm on about the bugs in the OS itself, before you've even installed anything.
http://trinity.mypclinuxos.com/
(Score: 0) by Anonymous Coward on Thursday March 19 2015, @11:31PM
So, why are you still jacking with winblows then? Get Linux and be done with it.
(Score: 2) by Nobuddy on Thursday March 19 2015, @06:59PM
http://www.pinballrebel.com/game/pins/ij2/shop/Eyeball_files/MovieStill.jpg [pinballrebel.com]
(Score: 1, Interesting) by Anonymous Coward on Friday March 20 2015, @03:46AM
Here in, "the land of the free" a brown shirt can demand you unlock your device with your fingerprint, and you have no right to refuse. You theoretically can't be forced to reveal a passphrase. The distinction is something you know, a thought vs. a physical attribute.
Of course a passphrase probably doesn't buy you that much with a Microsoft product. Not just talking about the weak encryption used by windows (unsalted rc4)-- Google: Windows NSA Key to see why some people assume windows is back-doored by the NSA already.
(Score: 0) by Anonymous Coward on Friday March 20 2015, @10:29AM
What does "brown shirt" mean in the US? Because for me as a German, the only association I have with "brown shirt" is "Nazi".