Hitoshi Kokumai

9ヶ月前 · 1 分の読書時間 · visibility ~100 ·

chat 著者への問い合わせ

thumb_up 関連性 message コメント

Why are we so persistent in the efforts to bust the falsehood of biometrics?

Because the wide-spread falsehood of biometrics is still so persistent as highlighted in this report -


Really convenient indeed – for Criminals!

How are those people informed and informing? Just misguided and misguiding?

- Click these links for the answer -

“ComfortableBiometrics Ecosystem”

“On Misperceptionof Biometrics”

Why don’t we mention the better convenience for consumers?

- Answer: Consider the huge inconvenience that the consumers have to face over their lifespan when their biometrics data, that cannot be cancelled, have been leaked.

Why are we so persistent in the efforts to bust the falsehood of biometrics?Structure of Threats to Security of Biometrics<br />
<br />
 <br />
<br />
ven logically snd mathematically

A default/fallback password is the password, isn’t it?

 Let us infer what biometrics promoters and adopters would assert in order to justify their allegation that biometrics, while depending on the password, can displace the password.

 It could be "We are aware that consumers have to rely on a default password as the fallback measure in case of false rejection. But, the consumers can complete the authentication without using the password/pincode when they are not rejected by the biometrics. This observation encourages us to assert that biometrics enables us to achieve a password/pincode-less authentication while providing good convenience to citizens".

 What they would not mention is "We are not interested to talk about the reality that the adoption of biometrics has enabled criminals to capitalize on the two entrances placed in a 'multi-entrance' deployment which has brought down security to the level lower than a password/pincode-only authentication. Convenience that we offer actually benefits criminals."

thumb_up 関連性 message コメント
Hitoshi Kokumai

Hitoshi Kokumai

8ヶ月前 #2

It sounds possible, theoretically. To the best of know my knowledge, however, no biometrics vendors have put the 'multi-layer' deployment of the user's secret credential and biometrics into actual use. I can guess why; the user who gets falsely rejected by biometrics would be forced to give up the access altogether and starting the troublesome process of account recovery even if they are capable of feeding the correct secret credential. As such, what the user would have to face is not the issue of convenience, but the issue of availability.

Zacharias 🐝 Voulgaris

Zacharias 🐝 Voulgaris

9ヶ月前 #1

After having pondered on the matter for a while, I've come to the conclusion that the only real-world value-add of biometrics in cybersecurity is as a secondary layer on top of the passphrase-based one. Not parallel to it, but serial to is, much like a Two Factor Authentication (TFA) process. Cheers

その他の記事 Hitoshi Kokumai