North American Network Operators Group
Re: User negligence?
Thus spake "Jamie Reid" <Jamie.Reid@mbs.gov.on.ca>
> All that user end security devices do is put more non-repudiable
> onus on the user, so that when it fails, the service provider is protected,
> and the user is cryptographically guaranteed to be SOL.
> ... and when the database gets compromised, nobody will believe that
> the user isn't responsible, because "The System is Perfect".

I hope this was in jest... All it will take is one expert witness to show the system is not perfect and there's hundreds of ways the bank (or even a smart criminal) could defraud the user.

> Biometrics are an excellent example of this. They are a single factor
> authentication technology, maybe two factor if there is a PIN,

There are now techniques to copy latent fingerprints off surfaces and produce counterfeits that have been shown to fool _all_ commercially available fingerprint gear -- and it costs less than $2 per use.

Biometrics is a failure because there is no shared secret; once a user submits to a test (either knowingly or not), the validator has all the information necessary to spoof that person _for the rest of their life_.

S

Stephen Sprunk    "God does not play dice."  --Albert Einstein
CCIE #3723        "God is an inveterate gambler, and He throws the
K5SSS             dice at every possible opportunity." --Stephen Hawking