biometrics

[Ben Laurie]

Bill Frantz wrote:
> 
> At 4:06 PM -0800 1/28/02, lynn.wheeler at firstdata.com wrote:
> >at least part of the fingerprint as a PIN ... isn't the guessing issue &/or
> >false positives .... it is the forgetting issue (and the non-trivial number
> >of people that write their PIN on the card).
> 
> Or to state it another way.  These cards attempt to use two factor
> authentication, what you have (the card) and what you know (the PIN).  When
> a user writes the PIN on the card, it becomes one factor authentication.
> Almost anything that returns it to being two factor security would be an
> improvement.  (Biometrics offers the possibility of 3 factor authentication.
> 
> What would be really nice is to be able to have the same PIN/password for
> everything.  With frequent use, forgetting it would be less of a problem,
> as would the temptation to write it down.  However, such a system would
> require that the PIN/password be kept secret from the verifier (including
> possibly untrusted hardware/software used to enter it.

This is why you need to carry your verifying equipment around with you -
a PDA with a decent OS is the way to go, IMO.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com