Biometric/fingerprint securit...uh?
-
Citing my friend who works in a "biometric security solutions" firm:
"yesterday on a training they told us what happened to one colleague: at Friday, he was leaving last from the offices, and his fingers were greasy, and so at Sunday, when sun shone stronger on the fingerprint scanner next to the door, he got logged in to work"
-
@sh_code said in Biometric/fingerprint securit...uh?:
Citing my friend who works in a "biometric security solutions" firm:
"yesterday on a training they told us what happened to one colleague: at Friday, he was leaving last from the offices, and his fingers were greasy, and so at Sunday, when sun shone stronger on the fingerprint scanner next to the door, he got logged in to work"
"I work from dusk till dawn"
-
Yep.
Biometrics are not security, for the most part.
-
@sh_code I don't know how fingerprint scanners are made, but I imagined that a device which is supposed to open doors only when the sensor is covered with finger blocking the outside lighting, wouldn't spontaneously trigger due to outside lighting being stronger than usual.
-
@gąska said in Biometric/fingerprint securit...uh?:
@sh_code I don't know how fingerprint scanners are made, but I imagined that a device which is supposed to open doors only when the sensor is covered with finger blocking the outside lighting, wouldn't spontaneously trigger due to outside lighting being stronger than usual.
Some fingerprint scanners react on warmth, to foil the usage of dead digits amongst other things.
Fingerprint scanners also have to weigh false positives vs false negatives, and most prefer to accept false positives to dealing with false negatives for usability. Though it's been a couple of years since I checked the field out so they may have come up with better scanners.
Still plenty of other problems with the technology as a security measure though.
-
@carnage said in Biometric/fingerprint securit...uh?:
Fingerprint scanners also have to weigh false positives vs false negatives, and most prefer to accept false positives to dealing with false negatives for usability.
Much secure. Wow.
-
@carnage said in Biometric/fingerprint securit...uh?:
@gąska said in Biometric/fingerprint securit...uh?:
@sh_code I don't know how fingerprint scanners are made, but I imagined that a device which is supposed to open doors only when the sensor is covered with finger blocking the outside lighting, wouldn't spontaneously trigger due to outside lighting being stronger than usual.
Some fingerprint scanners react on warmth, to foil the usage of dead digits amongst other things.
Fingerprint scanners also have to weigh false positives vs false negatives, and most prefer to accept false positives to dealing with false negatives for usability. Though it's been a couple of years since I checked the field out so they may have come up with better scanners.
Still plenty of other problems with the technology as a security measure though.you could say this incident shines a new light on the field of biometrics...
-
update notes:
-built sunshade above the entrance door to improve security
-
@sh_code said in Biometric/fingerprint securit...uh?:
update notes:
-built sunshade above the entrance door to improve security
Some serious shit you got there. Impenetrable like Fort Knox.
-
@carnage said in Biometric/fingerprint securit...uh?:
Fingerprint scanners also have to weigh false positives vs false negatives, and most prefer to accept false positives to dealing with false negatives for usability.
Usually it's configurable, so the customer can tweak it the other way too. But yeah, this is why when you go to real secure areas it's not all biometrics like you see in the movies (sometimes biometric authentication is checked but it's not the only authentication measure): Any false positives are unacceptable and all biometric authenticators (of which I'm aware) have some false positives, even if they're rare. False negatives don't matter so much unless they're at such a rate as to make the system effectively unusable.
-
Fingerprints scanner have a problem with residual fingerprints.
And also a much more fundamental problem: biometric features can't be revoked, and in the specific case of fingerprints, are almost public (just find any object the target individual has touched).
So fingerprint scanners are not secure enough by themselves. They should be used only as an additional security factor, or if the thing being secured is of low value.
Of course, manufacturers of fingerprint-based security avoid talking about this.
-
@carnage said in Biometric/fingerprint securit...uh?:
Yep.
Biometrics are not security, for the most part.Other than being totally insecure, I prefer when criminals don't need to cut my finger or eye out to steal me.
-
Before this thread becomes yet another "biometrics suck" circlejerk, I just want to throw some food for thought here.
How do you generally tell your mother and a street bum apart? By their appearance. Which is just advanced biometrics. Bam.
-
@sh_code said in Biometric/fingerprint securit...uh?:
@carnage said in Biometric/fingerprint securit...uh?:
@gąska said in Biometric/fingerprint securit...uh?:
@sh_code I don't know how fingerprint scanners are made, but I imagined that a device which is supposed to open doors only when the sensor is covered with finger blocking the outside lighting, wouldn't spontaneously trigger due to outside lighting being stronger than usual.
Some fingerprint scanners react on warmth, to foil the usage of dead digits amongst other things.
Fingerprint scanners also have to weigh false positives vs false negatives, and most prefer to accept false positives to dealing with false negatives for usability. Though it's been a couple of years since I checked the field out so they may have come up with better scanners.
Still plenty of other problems with the technology as a security measure though.you could say this incident shines a new light on the field of biometrics...
@Groaner, please call your office.
-
@anonymous234 said in Biometric/fingerprint securit...uh?:
Before this thread becomes yet another "biometrics suck" circlejerk, I just want to throw some food for thought here.
How do you generally tell your mother and a street bum apart? By their appearance. Which is just advanced biometrics. Bam.
Now, how do you tell your mother and a T1000 apart?
Wolfy knows how.
-
@anonymous234 said in Biometric/fingerprint securit...uh?:
Before this thread becomes yet another "biometrics suck" circlejerk, I just want to throw some food for thought here.
How do you generally tell your mother and a street bum apart? By their appearance. Which is just advanced biometrics. Bam.
That's right, although the reason we say that "biometrics suck" is not the inherent concept of biometrics, as such. What sucks is the current and past (and likely future) implementations of informatic biometrics. The human brain is very good at deeply parallel pattern matching, which allows us to recognise human faces as being the same or not, and if not, how close, in extremely short periods of time and with the ability to adapt to fairly radical changes in appearance as well. Informatic solutions? Not so much.
-
@sh_code The real problem in that case was that everything was automatic, no human being overseeing the process.
Malaysia takes fingerprints when you enter. On a very rainy day, I cycled from Hat Yai in Thailand to Changlung in Malaysia. The fingerprint reader at the border checkpoint didn't cope with my wet fingers, despite a few retries. But then the officer decided that I still can enter the country (well, they had my fingerprints from a few weeks before when I entered at KL airport).
You see: a man with a brain is still the best solution.
-
@steve_the_cynic said in Biometric/fingerprint securit...uh?:
@anonymous234 said in Biometric/fingerprint securit...uh?:
Before this thread becomes yet another "biometrics suck" circlejerk, I just want to throw some food for thought here.
How do you generally tell your mother and a street bum apart? By their appearance. Which is just advanced biometrics. Bam.
That's right, although the reason we say that "biometrics suck" is not the inherent concept of biometrics, as such. What sucks is the current and past (and likely future) implementations of informatic biometrics. The human brain is very good at deeply parallel pattern matching, which allows us to recognise human faces as being the same or not, and if not, how close, in extremely short periods of time and with the ability to adapt to fairly radical changes in appearance as well. Informatic solutions? Not so much.
I'm constantly amazed by how good our brains are at visual recognition. We can (well most of us anyway) reliably distinguish people even after they change hair, facial hair, loose/gain weight, change clothing styles radically. I ran into an old roommate (after about a decade) and was able to recognize him pretty much straight off, despite the time and both of us gaining weight.
Machines? Not so much.
-
@anonymous234 said in Biometric/fingerprint securit...uh?:
How do you generally tell your mother and a street bum apart? By their appearance. Which is just advanced biometrics. Bam.
And her attitude towards me. A bum is unlikely to punch me in the face (well, less likely).
-
-
@heterodox said in Biometric/fingerprint securit...uh?:
Usually it's configurable, so the customer can tweak it the other way too.
Which probably happens about as often as the default password on a router being changed. Somewhere between "never" and "once in a blue moon" (and when it happens, the user will have misunderstood the configuration setting and picked one that doesn't work).
-
@sh_code said in Biometric/fingerprint securit...uh?:
update notes:
-built sunshade above the entrance door to improve security
Ah. So all I need is a good flashlight!
-
@carnage said in Biometric/fingerprint securit...uh?:
Biometrics are not security, for the most part.
Sure they are. They're just for the identification portion of security, and not the authentication portion of security.
That is to say, fingerprints are usernames, not passwords.
-
Biometrics are a lot like having your password tattooed across your face, but if the password was long and hard to read.
-
@dcon said in Biometric/fingerprint securit...uh?:
@sh_code said in Biometric/fingerprint securit...uh?:
update notes:
-built sunshade above the entrance door to improve security
Ah. So all I need is a good flashlight!
update notes:
-instructed the business park gatekeeper to take away people's flashlights and mobile phones on entry to improve security
-
@steve_the_cynic said in Biometric/fingerprint securit...uh?:
That's right, although the reason we say that "biometrics suck" is not the inherent concept of biometrics, as such. What sucks is the current and past (and likely future) implementations of informatic biometrics. The human brain is very good at deeply parallel pattern matching, which allows us to recognise human faces as being the same or not, and if not, how close, in extremely short periods of time and with the ability to adapt to fairly radical changes in appearance as well. Informatic solutions? Not so much.
Actually, that's not accurate anymore. Modern facial recognition software has about the same error rate as humans. (ie. if two different people look similar enough to fool the software into thinking they're probably the same person, they look similar enough to fool you into thinking they're probably the same person too.)
-
@gąska said in Biometric/fingerprint securit...uh?:
@sh_code I don't know how fingerprint scanners are made, but I imagined that a device which is supposed to open doors only when the sensor is covered with finger blocking the outside lighting, wouldn't spontaneously trigger due to outside lighting being stronger than usual.
Though I don’t think it covers this particular scenario, look up the Mythbusters episode where they try to spoof a fingerprint scanner. It’s very illuminating as to how secure these things are.
Not very.
(But why do I bother hiding that obvious answer? Beats me too.)
-
@benjamin-hall said in Biometric/fingerprint securit...uh?:
We can (well most of us anyway) reliably distinguish people even after they change hair, facial hair, loose/gain weight, change clothing styles radically.
Speak for yourself :) When I happen to come across TV programs that talk about celebrities, I frequently don’t recognise them from their pictures at all until the name is mentioned. Especially actresses and female singers, and I’ve concluded this is because of the way they keep changing their hair and makeup and stuff all the time.
OTOH, I have little or no trouble distinguishing between, just to pick something quasi-randomly, a Leopard 1A1, 1A2, 1A5, or 1-V :)
-
@sh_code said in Biometric/fingerprint securit...uh?:
@dcon said in Biometric/fingerprint securit...uh?:
@sh_code said in Biometric/fingerprint securit...uh?:
update notes:
-built sunshade above the entrance door to improve security
Ah. So all I need is a good flashlight!
update notes:
-instructed the business park gatekeeper to take away people's flashlights and mobile phones on entry to improve security- Steal cell phone
- Use flash light to enter
- Hand over cell phone and flash light
- ???
- Profit!
-
@gurth said in Biometric/fingerprint securit...uh?:
@benjamin-hall said in Biometric/fingerprint securit...uh?:
We can (well most of us anyway) reliably distinguish people even after they change hair, facial hair, loose/gain weight, change clothing styles radically.
Speak for yourself :) When I happen to come across TV programs that talk about celebrities, I frequently don’t recognise them from their pictures at all until the name is mentioned. Especially actresses and female singers, and I’ve concluded this is because of the way they keep changing their hair and makeup and stuff all the time.
OTOH, I have little or no trouble distinguishing between, just to pick something quasi-randomly, a Leopard 1A1, 1A2, 1A5, or 1-V :)
Celebrities are something I don't pay attention to at all, so I don't even have the data to recognize them at all in the first instance. But people I know, I can recognize even if they change.
Edit: I may not remember their names right off, because my name-storage partition is tiny and so gets flushed frequently. But there's a definite flag in the database that says I've met them and should know them.
-
@carnage said in Biometric/fingerprint securit...uh?:
@anonymous234 said in Biometric/fingerprint securit...uh?:
Before this thread becomes yet another "biometrics suck" circlejerk, I just want to throw some food for thought here.
How do you generally tell your mother and a street bum apart? By their appearance. Which is just advanced biometrics. Bam.
Now, how do you tell your mother and a T1000 apart?
Wolfy knows how.My mother doesn't use an encryption key determined by her MAC address.
-
@Gurth, @Benjamin-Hall : You're lucky. I have a lot of trouble with faces ; I need a lot of time to memorize them, and forget them easily. Lots of times I've unintentionally made people think I ignored them, because I didn't even realize I've met them before. I don't recognize most celebrities (even the very famous ones), and watching movies and TV series is a real challenge. To top it off, I tend to easily forget names as well, even if I remember the person.
Interestingly enough, they only found out a few years ago that it was an actual medical condition, affecting a low percentage of the population.
-
@zerosquare said in Biometric/fingerprint securit...uh?:
@Gurth, @Benjamin-Hall : You're lucky. I have a lot of trouble with faces ; I need a lot of time to memorize them, and forget them easily. [...] To top it off, I tend to easily forget names as well, even if I remember the person.
Yeah, this. I also find I have real trouble recognising people outside of their usual context, unless I know them very well.
I don't tend to have as much trouble with movies and TV shows as @zerosquare, unless there are two broadly similar looking characters, in which case yes, I'll get confused between them. And don't ever expect me to know who the actor is playing a particular role, unless they were previously in a series that I watched a lot and that had a stable cast for a long time. Even then it's chancy.
-
@benjamin-hall said in Biometric/fingerprint securit...uh?:
Celebrities are something I don't pay attention to at all
Neither do I, which is probably why I have trouble recognising the ones I do sort of know when they change their looks :)
@zerosquare said in Biometric/fingerprint securit...uh?:
To top it off, I tend to easily forget names as well, even if I remember the person.
Names I have more trouble remembering than faces, but funnily enough mainly in the real world and not with people I’m unlikely to ever actually meet. Names of people I’m introduced to or who say theirs on the phone tend to be in one ear, out the other.
Thinking about it now, I suspect it’s because I hear those names rather than see them written down, as you would names of, say, actors or singers on TV, album covers, movie posters, etc. When watching TV shows, I also often have trouble keeping track of the names of characters other than the central ones — I often think of them as “The girl who’s been kidnapped” rather than “Ann Gallagher” for example (bonus points for knowing what TV series I’ve most recently watched).
-
@zerosquare said in Biometric/fingerprint securit...uh?:
@Gurth, @Benjamin-Hall : You're lucky. I have a lot of trouble with faces ; I need a lot of time to memorize them, and forget them easily. Lots of times I've unintentionally made people think I ignored them, because I didn't even realize I've met them before. I don't recognize most celebrities (even the very famous ones), and watching movies and TV series is a real challenge. To top it off, I tend to easily forget names as well, even if I remember the person.
Interestingly enough, they only found out a few years ago that it was an actual medical condition, affecting a low percentage of the population.
I can't differentiate the faces of Adam Sandler and Ben Stiller, for example. I have lots of trouble with not recognizing people out of context.
-
@sockpuppet7 there are movies I go completely confused because I can't tell one character from the other, it's frustrating with these ones.
-
@sockpuppet7 said in Biometric/fingerprint securit...uh?:
@sockpuppet7 there are movies I go completely confused because I can't tell one character from the other, it's frustrating with these ones.
I sometimes can't keep track of all the faces... Maybe that's one reason I always think the book (when it's a made-from-book-movie) is always better. Nah, that's just because the book is better.
-
@dcon said in Biometric/fingerprint securit...uh?:
@sockpuppet7 said in Biometric/fingerprint securit...uh?:
@sockpuppet7 there are movies I go completely confused because I can't tell one character from the other, it's frustrating with these ones.
I sometimes can't keep track of all the faces... Maybe that's one reason I always think the book (when it's a made-from-book-movie) is always better. Nah, that's just because the book is better.
I still remember the first time I read The Lord of the Rings (I was probably 12 or 13 years old). I got Sauron and Saruman mixed up and a whole bunch of stuff in the middle didn't make a lot of sense for a while.
-
@sockpuppet7 said in Biometric/fingerprint securit...uh?:
I can't differentiate the faces of Adam Sandler and Ben Stiller, for example.
One's an unfunny hack who mugs at the camera and the other's... oh wait that's not going to help.
-
-
-
@masonwheeler said in Biometric/fingerprint securit...uh?:
@Steve_the_Cynic said in Biometric/fingerprint securit...uh?:
That's right, although the reason we say that "biometrics suck" is not the inherent concept of biometrics, as such. What sucks is the current and past (and likely future) implementations of informatic biometrics. The human brain is very good at deeply parallel pattern matching, which allows us to recognise human faces as being the same or not, and if not, how close, in extremely short periods of time and with the ability to adapt to fairly radical changes in appearance as well. Informatic solutions? Not so much.
Actually, that's not accurate anymore. Modern facial recognition software has about the same error rate as humans. (ie. if two different people look similar enough to fool the software into thinking they're probably the same person, they look similar enough to fool you into thinking they're probably the same person too.)
I'm not sure about that. Software can still identify faces where there are none, or miss identifying a (partial) face where there is one. Furthermore, people can generally guess at a person's identity from other perspectives than just a view of their face, so we're still way ahead in terms of identifying persons.
-
@djls45 said in Biometric/fingerprint securit...uh?:
@masonwheeler said in Biometric/fingerprint securit...uh?:
@Steve_the_Cynic said in Biometric/fingerprint securit...uh?:
That's right, although the reason we say that "biometrics suck" is not the inherent concept of biometrics, as such. What sucks is the current and past (and likely future) implementations of informatic biometrics. The human brain is very good at deeply parallel pattern matching, which allows us to recognise human faces as being the same or not, and if not, how close, in extremely short periods of time and with the ability to adapt to fairly radical changes in appearance as well. Informatic solutions? Not so much.
Actually, that's not accurate anymore. Modern facial recognition software has about the same error rate as humans. (ie. if two different people look similar enough to fool the software into thinking they're probably the same person, they look similar enough to fool you into thinking they're probably the same person too.)
I'm not sure about that. Software can still identify faces where there are none, or miss identifying a (partial) face where there is one. Furthermore, people can generally guess at a person's identity from other perspectives than just a view of their face, so we're still way ahead in terms of identifying persons.
There is, however, the problem that you can actually (passively) train people to misremember faces.
That's why eye witnesses can be very unreliable if the police uses the wrong questions and techniques. Plus, with software you always have the foundational data available - if you corrupt the memory of an eye witness there's nothing you can do about that.
-
@Zerosquare said in Biometric/fingerprint securit...uh?:
@Gurth, @Benjamin-Hall : You're lucky. I have a lot of trouble with faces ; I need a lot of time to memorize them, and forget them easily. Lots of times I've unintentionally made people think I ignored them, because I didn't even realize I've met them before. I don't recognize most celebrities (even the very famous ones), and watching movies and TV series is a real challenge. To top it off, I tend to easily forget names as well, even if I remember the person.
Interestingly enough, they only found out a few years ago that it was an actual medical condition, affecting a low percentage of the population.
My digital electronics professor had pretty bad face blindness. He couldn't recognize his own students from day to day, and went almost solely by his seating chart. He recommended that we participate a lot in class and reintroduce ourselves and mention his class if we saw him around campus. He knew me a little better because I went to his church for a while, too.
I personally confuse a lot of celebrities, probably mostly because I don't watch much TV or movies or follow the celebrity news or such. I also have trouble with names, unless they're frequently repeated over time or (sometimes) if I see them written down.
-
@djls45 said in Biometric/fingerprint securit...uh?:
I don't watch much TV or movies or follow the celebrity news
-
@djls45 said in Biometric/fingerprint securit...uh?:
I'm not sure about that. Software can still identify faces where there are none
-
