Hey, Biometrics Guys! Get Provoked!
Over several years we have repeatedly made clear that biometrics brings security down to a level lower than that of password-only authentication where it is used together with a password in a 'multi-entrance' deployment, as against a 'multi-layer' deployment.
The first article written in English was “Biometrics & Conundrum”, published on 7/Dec/2014. The latest one is “Threat of Biometrics to Security and Its Structure” of 23/Sep/2019.
We have received not a single logical or evidence-based refutation (*1), which led us to suspect that the biometrics guys love one-way propaganda but hate the exchange of opinions.
In other words, it looks as though they are afraid that, should they publicly admit the necessity and actual presence of a 'fallback measure', a default password/pincode in most cases, the foundation of their decades-long allegation that “Biometrics brings better security than passwords” would evaporate right away.
As such we are led to suspect that all that the biometrics guys can do is turn a blind eye, cover their ears, close their mouths and keep earning as much quick money as possible before their 'business model' collapses.
Incidentally, we are also very worried to have noticed that biometrics data is seldom publicized in a logical and scientific manner.
Quite a few biometrics vendors publicize a part of a fact and do not disclose the other part of the fact, for instance, publicizing a nicely low false match/acceptance rate without saying anything about the corresponding false non-match/rejection rate, which could be alarmingly high, but remains unknown to the public.
Subsequently, this phenomenon comes with their silence on the need and presence of a fallback password/pincode against the false non-match/rejection, which brings down security to the level lower than password/pincode-only authentication as repeatedly made clear.
Moreover, we could add that unsubstantiated theoretical data is often presented as if it were empirical data.
By 'biometrics guys,' we mean not just the biometrics vendors but those officials, professionals, researchers, consultants, journalists, etc. who have gained a lot from this dubious way of doing business.
Biometrics Guys! Should you be confident that we are mistaken somewhere in this article, you are welcome to refute specifically where you reckon we are wrong.
-------------------------------------------------
*1 The counter-arguments that we have so far been given were basically from (a) the people (*2) who would only repeat the unprovable assertion that biometrics is stronger than passwords, (b) the people (*3) who did not know anything about the trade-off relation between false acceptance/match and false rejection/non-match, or (c) the people (*4) who know the trade-off relation but are apparently ignorant of, or are possibly pretending to be indifferent to, the opposite security effects of two authenticators used in 'multi-layer' and 'multi-entrance' deployments.
*2 A direct comparison would not make sense between a biometrics on its own, which is probabilistic, and a password on its own, which is deterministic. Furthermore, as a matter of practice, how can we select the test samples to compare from among numerous combinations in the broad spectrum in between the two extremes of the securest password vs the least accurate biometrics and the poorest password vs the most accurate biometrics?
On the other hand, it is just logical and easy to compare (A) a password with (B) a biometrics with the same password as a fallback measure against false rejection/non-match. Logic tells us that (B) is inevitably weaker than (A) as outlined in this short video - https://youtu.be/wuhB5vxKYlg
This observation is valid however accurate or inaccurate the biometrics may be, and however strong or weak the password may be. It is also valid even if someone comes up with a perfectly ‘spoofing-proof’ biometrics.
*3 The trade-off relation between false acceptance/match and false rejection/non-match is explained here with graphs – http://www.valuewalk.com/2018/02/biometrics-aadhaar-danger/
*4 The opposite security effects of two authenticators used in 'multi-layer' and 'multi-entrance' deployments are closely examined here –
https://www.slideshare.net/HitoshiKokumai/quantitative-examination-of-multiple-authenticator-deployment
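A numerical illustration of the points in *2 to *4, added here as an example and not taken from the article, the video or the linked slides. The score distributions, the password-guess probability and all function names are constructed assumptions, and the attacks on the two authenticators are treated as independent only to obtain concrete numbers; the ordering multi-layer ≤ password-only ≤ multi-entrance does not depend on that.

```python
from statistics import NormalDist

# Constructed score model (assumption): matcher similarity scores are normal.
GENUINE = NormalDist(mu=0.70, sigma=0.10)   # scores produced by the real user
IMPOSTOR = NormalDist(mu=0.40, sigma=0.10)  # scores produced by someone else

def far(threshold):
    """False acceptance/match rate: impostor scores at or above the threshold."""
    return 1.0 - IMPOSTOR.cdf(threshold)

def frr(threshold):
    """False rejection/non-match rate: genuine scores below the threshold."""
    return GENUINE.cdf(threshold)

def attacker_success(p_password, p_biometric):
    """Probability that an attacker is let in under each deployment.

    p_password  : chance the attacker defeats the password (constructed value)
    p_biometric : chance the attacker is falsely accepted by the biometrics
    Independence of the two attacks is an assumption of this example.
    """
    return {
        "password_only": p_password,
        # multi-layer: BOTH authenticators must be passed (AND)
        "multi_layer": p_password * p_biometric,
        # multi-entrance: EITHER authenticator opens the door (OR),
        # which is what a password fallback against false rejection creates
        "multi_entrance": 1.0 - (1.0 - p_password) * (1.0 - p_biometric),
    }

def sweep(p_password, thresholds):
    """One row per threshold: FAR, FRR and attacker success per deployment."""
    rows = []
    for t in thresholds:
        result = attacker_success(p_password, far(t))
        rows.append({"threshold": t, "far": far(t), "frr": frr(t), **result})
    return rows

if __name__ == "__main__":
    P_PASSWORD = 0.001  # constructed sample value
    print("thresh    FAR      FRR      layer      pw-only    entrance")
    for r in sweep(P_PASSWORD, [0.45, 0.50, 0.55, 0.60, 0.65]):
        print(f"{r['threshold']:.2f}   {r['far']:.5f}  {r['frr']:.5f}  "
              f"{r['multi_layer']:.7f}  {r['password_only']:.7f}  "
              f"{r['multi_entrance']:.7f}")
```

Raising the threshold lowers FAR but raises FRR, so the user is sent to the fallback password more often, while the multi-entrance column stays above the password-only column at every threshold.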
#identity #authentication #password #security #safety #biometrics #ethic #privacy #civilrights #democracy