biometrics
Ben Laurie
ben at algroup.co.uk
Wed Jan 30 03:45:39 EST 2002
Bill Frantz wrote:
>
> At 4:06 PM -0800 1/28/02, lynn.wheeler at firstdata.com wrote:
> >at least part of the fingerprint as a PIN ... isn't the guessing issue &/or
> >false positives .... it is the forgetting issue (and the non-trivial number
> >of people that write their PIN on the card).
>
> Or to state it another way. These cards attempt to use two factor
> authentication, what you have (the card) and what you know (the PIN). When
> a user writes the PIN on the card, it becomes one factor authentication.
> Almost anything that returns it to being two factor security would be an
> improvement. (Biometrics offers the possibility of 3 factor authentication.
>
> What would be really nice is to be able to have the same PIN/password for
> everything. With frequent use, forgetting it would be less of a problem,
> as would the temptation to write it down. However, such a system would
> require that the PIN/password be kept secret from the verifier (including
> possibly untrusted hardware/software used to enter it.
This is why you need to carry your verifying equipment around with you -
a PDA with a decent OS is the way to go, IMO.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list