biometrics
Bill Frantz
frantz at pwpconsult.com
Tue Jan 29 16:14:27 EST 2002
At 4:06 PM -0800 1/28/02, lynn.wheeler at firstdata.com wrote:
>at least part of the fingerprint as a PIN ... isn't the guessing issue &/or
>false positives .... it is the forgetting issue (and the non-trivial number
>of people that write their PIN on the card).
Or to state it another way. These cards attempt to use two factor
authentication, what you have (the card) and what you know (the PIN). When
a user writes the PIN on the card, it becomes one factor authentication.
Almost anything that returns it to being two factor security would be an
improvement. (Biometrics offers the possibility of 3 factor authentication.
What would be really nice is to be able to have the same PIN/password for
everything. With frequent use, forgetting it would be less of a problem,
as would the temptation to write it down. However, such a system would
require that the PIN/password be kept secret from the verifier (including
possibly untrusted hardware/software used to enter it.
Cheers - Bill
-------------------------------------------------------------------------
Bill Frantz | The principal effect of| Periwinkle -- Consulting
(408)356-8506 | DMCA/SDMI is to prevent| 16345 Englewood Ave.
frantz at pwpconsult.com | fair use. | Los Gatos, CA 95032, USA
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list