da_6672d ago
You'll never convince me that biometrics are a well thought-out form of authentication.
Show threadGraham Sutherland / Polynomial2d ago

@da_667 I did a talk on this with a colleague at Cisco's internal conference, where we analysed a bunch of biometric factors like fingerprint, voice print, facial biometrics, etc. in terms of various security properties.

TL;DR biometrics are useful as a second or third factor but sole-factor biometric authentication is a really bad idea.

Show threadGraham Sutherland / Polynomial2d ago
@da_667 one case study we did was at an org who rolled out voice print auth for password resets to reduce support ticket burden. I expected it to be bad, but it was all sorts of weird. people with monotone voices could be spoofed most of the time just by putting on a monotone voice. we bypassed auth a few times just by laughing instead of reading out the auth phrase.
Show threadGraham Sutherland / Polynomial
@da_667 and, as always, biometric authentication systems' accuracies *always* drop when the user is not a white guy.
Jun 7 at 4:39pmWeb