Reply to post: Repeat after me:

No password? No worries! Two new standards aim to make logins an API experience

Norman Nescio

Repeat after me:

A biometric is not an authentication mechanism, it is merely an identifier.

++++

People who use biometrics as passwords are basically of the opinion that with a sufficiently complicated username, you don't need a password to be secure.

There are plenty of people willing to take full advantage of such ignorance.

The reason hardware-based tokens are usable is that they are only associated with an identity, and that association can be broken if it is necessary, and a new token associated with the identity in its place. This is difficult to do with fingerprints, retinal scans and hand vein patterns (easy to break, not so easy to substitute).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021