
Biometrics for Increasing and Decreasing Security



Biometrics could be used correctly, to increase security, when it continuously monitors the user's voice and behaviors to detect that a bad guy has grabbed the logged-in device from the user.

Demand the user's password afresh at that point, and the bad guy could be turned away, as discussed here - "Anything used correctly is useful and so are UV, disinfectant and biometrics."
https://www.linkedin.com/posts/hitoshikokumai_digital-identity-anything-used-correctly-activity-6663264695664934913-S2FS

Biometrics could be used wrongly, to decrease security, when it serves as a second authenticator along with a default password, as examined here - "Early models of smartphones were safer than newer models - How come?"
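
The continuous-monitoring use described above, sketched as an added example (not code from this blog): a low behavior-match score can only lock the session, and only the password reopens it, so the biometric signal never becomes a second entrance. `SessionGuard`, `run_session`, the 0.6 threshold and the event list are hypothetical names and constructed values.

```python
import hashlib
import hmac
import os

# Assumed threshold for the constructed behavior-match scores (0.0 to 1.0).
ANOMALY_THRESHOLD = 0.6

def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class SessionGuard:
    """Hypothetical session monitor: biometrics can lock, only the password unlocks."""

    def __init__(self, password: str):
        self._salt = os.urandom(16)
        self._verifier = _derive(password, self._salt)
        self.locked = True  # a session starts locked until the password is given

    def submit_password(self, attempt: str) -> bool:
        ok = hmac.compare_digest(_derive(attempt, self._salt), self._verifier)
        if ok:
            self.locked = False
        return ok

    def observe(self, match_score: float) -> None:
        # Continuous monitoring: a low score revokes access.
        # A high score deliberately does nothing; it is never an entrance.
        if match_score < ANOMALY_THRESHOLD:
            self.locked = True

def run_session(guard, events):
    """Replay (kind, value) events and return the lock state after each one."""
    states = []
    for kind, value in events:
        if kind == "password":
            guard.submit_password(value)
        elif kind == "score":
            guard.observe(value)
        states.append(guard.locked)
    return states

# Constructed sample: owner logs in, device is grabbed, owner later returns.
SAMPLE_EVENTS = [
    ("password", "correct horse"), ("score", 0.93), ("score", 0.88),
    ("score", 0.21),  # device grabbed: behavior no longer matches, session locks
    ("score", 0.97),  # a later good score must not reopen the session
    ("password", "guess"), ("password", "correct horse"),
]
```

Replaying `SAMPLE_EVENTS` shows the session staying locked through the high score and the wrong password, and reopening only on the correct password.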

Windows Hello for payment authentication would be fine if the objective is to increase convenience, not security – "Google Chrome supports 'Windows Hello' face unlock and fingerprint for payment authentication" https://www.xda-developers.com/google-chrome-supports-windows-hello-payment-authentication/



Popular posts from this blog

Expanded Password System to Complement FIDO2

2 is larger than 1 but is not necessarily stronger than 1, as two children could be overwhelmed by a grown-up. For a two-factor authentication to be really reliable, each factor should be reasonably secure and usable enough. On the other hand, 'password-less' authentication, however attractive it might sound, would only benefit bad guys, as examined in the linked page - https://www.linkedin.com/pulse/removal-passwords-its-security-effect-hitoshi-kokumai/ People who offer a token as 'a factor' of two-factor authentication schemes could all be viewed as our potential downstream partners. Among them are the people who offer FIDO2-compatible solutions. Put together, we could come up with two-factor authentications that are much more reliable than otherwise.

Puzzling Perception – Sacrificing Privacy for Decreased Security?

How much of our privacy are we ready to sacrifice in return for DECREASED security, not for increased security? Biometrics vendors seem to be reluctant to make it clearly known that biometrics and a default/fallback password/PIN are used together in a security-lowering 'two-entrance' deployment, not in a security-enhancing 'two-layer' deployment, in what they call "2-factor" biometrics authentication. The outcome is that we are awkwardly talking about how much of our privacy we could sacrifice in return for the increased security when we actually need to talk about the privacy sacrificed for lowered security. I am wondering how long we will stay indifferent to this idiotic and unethical situation. Click the link for more - https://www.linkedin.com/pulse/negative-security-effect-biometrics-deployed-hitoshi-kokumai/ ** There are two houses – one with one entrance and the other with two entrances: which is friendlier to burglars who want to sneak in?