Obviously a tout, get Ed Sheeran onto them!
7 posts • joined 19 Dec 2017
Biometrics: Better than your mother's maiden name. Good luck changing your body if your info is stolen
It's Business folks, not Security...
Whatever system, we all know that it is only the $$$ impact that will change things, and nothing else! For example, the entire fraudulent activity of card-not-present (CNP) scenarios is supported by the insurance industry. That "we're all insured, so don't worry" is supported and paid for by us all! It’s called APR rates.
As many experienced security professionals on this board know, there is no perfect security, and good enough will do when everybody pays toward the 5% (nominal %) fraudulent activity.
So when will change come? When online fraud and loss exceeds that which underwriters are prepared to cover...? No! They just put premiums up, it's business! And that’s all it is folks, business - nothing to do with security. That is where many security professionals get in a knot, including myself.
Biometrics, I sense there will be a sting in the tail! And consumers will be the ones to pay for it.
Nothing is indispensable, especially so, those who believe they are!
I do not believe the view "it is this indispensable tool". I am pretty sure alternatives for every Facebook feature exist! The one thing Facebook has been successful at, tapping into the human 'Tribal' nature that drives us to herd and want to fit in! - it is preferable to be at the table than on the menu!
But, indispensable, No!
Time to change the model... 18 months window before decline sets in!
So the next question, will a large majority of EU based 'Data Subjects' request personal data be deleted? Will all the non Facebook users request all 'ghost profile' data be deleted? The second set of users is likely to dwarf the 700M regular accounts... What effect will that have on Facebook advert revenues?
Change to a subscription model Facebook, protect users data, broker consensual sharing or even selling of data - adopt a new model to survive.
Re: And when your biometric data gets stolen?
Good observation, biometrics are best used to prove who you are - not authenticate as credential. It is only a matter of time before biometrics are rendered utterly useless as a weak authenticator method.
As biometric repositories build up around the globe the possibility of false acceptance rises, I would foresee Asia as the first continent by population that has their biometric profiles copied! Between the Indian Aadhaar initiative and the secretive Chinese authorities, they will probably file all but your back village laborer’s profiles before this year is out!
How can you trust “probably” when your profile is dotted about everywhere, analogous to walking around with 'that' post-it note on your forehead!
Given all that I understand about Biometrics I would applaud this stance as Biometrics are inherently not secure – time will tell! Oh, but my mistake, there is no stance here - it is a delay in jumping off the fence! So either the UK government does not know or (cynical me) it is mindful of upsetting the potential tax revenue from the impending Biometric frenzy.
That opening paragraph was an easy shot ;-)
The fundamental flaw with Biometrics is that we all have only *one* profile! Fingerprint, Retina Scan, DNA or other… Once a Biometric profile is out, it’s gone forever as an authentication factor. Unique but not Secret! Which means Biometrics can be used for identification not authentication!
Biometrics can be used as a secondary factor for Authentication but never ‘the’ factor.