Hitoshi Kokumai

2 years ago · 2 min. reading time


Half-baked Discussion


Some friends directed my attention to this news report -   “Biometric auth bypassed using fingerprint photo, printer, and glue” https://www.bleepingcomputer.com/news/security/biometric-auth-bypassed-using-fingerprint-photo-printer-and-glue/

It looks correct in saying "A fingerprint should not be considered a secure alternative to a strong password. Doing so leaves your information — and, potentially, your cryptoassets — vulnerable to even the most unsophisticated of attackers".

But it’s a half-baked discussion; the above message comes with such a nonsensical remark as “Fingerprints are a convenient biometric authentication method, but when it comes to critical applications, they should only be used as 2FAs in conjunction with a strong password.”

A very similar argument is found in this report as well – “Your Fingerprint Can Be Hacked For $5. Here’s How”   https://blog.kraken.com/post/11905/your-fingerprint-can-be-hacked-for-5-heres-how/

What kind of 2FA?   

In the real world, two authenticators are mostly deployed in a security-lowering multi-entrance formation for the sake of availability. I have never seen the two deployed in a security-enhancing multi-layer formation (real 2FA) since the availability would have to be sacrificed (What about the users who can feed correct passwords and yet get rejected by probabilistic biometrics?)   
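The difference between the two formations can be made concrete with a small model. This is an added example, not part of the original post; it assumes the two factors succeed or fail independently, and the per-factor rates are constructed illustrative values, not measurements.

```python
from itertools import product

# Constructed, illustrative rates (assumptions, not data from the post):
#   p_attacker  = chance an attacker passes this factor on its own
#   p_user_fail = chance the legitimate user fails this factor on its own
FACTORS = {
    "password":    {"p_attacker": 0.001, "p_user_fail": 0.02},
    "fingerprint": {"p_attacker": 0.01,  "p_user_fail": 0.03},
}

def pass_probability(pass_probs, policy):
    """Exact probability that `policy` accepts, summed over every joint
    outcome of independent factors.
    policy=any -> multi-entrance (either factor opens the door)
    policy=all -> multi-layer (every factor must pass)"""
    total = 0.0
    for outcome in product([True, False], repeat=len(pass_probs)):
        p = 1.0
        for passed, prob in zip(outcome, pass_probs):
            p *= prob if passed else (1.0 - prob)
        if policy(outcome):
            total += p
    return total

def evaluate(names, policy):
    attacker = [FACTORS[n]["p_attacker"] for n in names]
    user = [1.0 - FACTORS[n]["p_user_fail"] for n in names]
    return {
        "attacker_accepted": pass_probability(attacker, policy),
        "user_rejected": 1.0 - pass_probability(user, policy),
    }

def compare():
    both = ["password", "fingerprint"]
    return {
        "password only": evaluate(["password"], all),
        "multi-entrance (OR)": evaluate(both, any),
        "multi-layer (AND)": evaluate(both, all),
    }

if __name__ == "__main__":
    for name, r in compare().items():
        print(f"{name:20s} attacker accepted: {r['attacker_accepted']:.5f}"
              f"  user rejected: {r['user_rejected']:.5f}")
```

With these sample rates the multi-entrance formation admits an attacker more often than the password alone, while the multi-layer formation admits fewer attackers but rejects the legitimate user more often than either factor alone.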

For more, please refer to “Biometrics is to Password what Back door is to Front door” 

Worry about a backdoor?

Key References 

Biometrics is to Password what Back door is to Front door


Removal of Passwords and Its Security Effect 

Negative Security Effect of Biometrics Deployed in Cyberspace

External Body Features Viewed as ‘What We Are’

[Figure: False Acceptance Rates and False Rejection Rates. Axes: FAR (False Acceptance Rates) and FRR (False Rejection Rates). Labels: EER (Equal Error Rates); "products (more accurate)".]


Additional References
 

For Achieving Solid Digital Identity on Information Security Buzz (Mar/2021)

What We Know for Certain about Authentication Factors

Digital Identity for Global Citizens
 Image-to-Code Conversion by Expanded Password System

Summary and Brief History - Expanded Password System

Proposition on How to Build Sustainable Digital Identity Platform

Account Recovery with Expanded Password System 

 History, Current Status and Future Scenarios of Expanded Password System 

Availability-First Approach 

Update: Questions and Answers - Expanded Password System and Related Issues 


 < Videos on YouTube>
 

Slide: Outline of Expanded Password System (3minutes 2seconds)

Digital Identity for Global Citizens (10minutes - narrated)

Demo: Simplified Operation on Smartphone for consumers (1m41s)

Demo: High-Security Operation on PC for managers (4m28s)

Demo: Simple capture and registration of pictures by users (1m26s)

Slide: Biometrics in Cyber Space - "below-one" factor authentication

Comments

Zacharias 🐝 Voulgaris

2 years ago #1

It's amazing how we as a species now tackle quantum logic while the vast majority of people can't even manage conventional (Boolean) logic, enough to see through the fallacy of the two-door approach to security…
