Educause Security Discussion mailing list archives
Re: Password aging
From: Gary Dobbins <dobbins () ND EDU>
Date: Thu, 15 Jan 2004 10:09:09 -0500
One particular biomet vendor became known for their catchphrase "dead thumbs don't work" in an attempt to allay that fear.

Perhaps the biggest chink in the biomet armor is, as someone pointed out earlier, the risk of subject-pattern intercept which could create a playback opportunity. Remember that old spy movie, where the bad guy has his retinas surgically altered so they looked like the subject? Someone once asked why he couldn't instead just get a full (all needed dimensions) scan of the subject's eye and put the data on a ROM on his keychain, then just tap into the scanner's datalink and play it back.

Personally, I remain an advocate of 2-factor schemes where _both_ factors can be changed when/if needed.

(I'd like to keep my thumbs, too, since the crooks may not know about the tagline above)

Cal Frye wrote:
> Gary Flynn wrote:
>
>> I would personally be concerned about a compromise of my binary encoded finger or retina print. It would be pretty hard to change. But I guess they could be hashed with a changeable key. But then we would have to address the question of how often that hash key should be changed. :)
>
> I worry about a compromise of my finger. I never want to be in a position where my body parts are valuable to someone else before I'm finished with 'em. As long as it's only email we're talking about, I'm safe. Start talking serious money, and I get nervous.
>
> --
> --Cal Frye, Network Administrator, Oberlin College
> www.ouuf.org, www.calfrye.com
>
> "That pygmies cast such tall shadows only shows how late in the day it is become" -- Chargaff.
>
> **********
> Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
--
------------------------------------------------------------
Gary Dobbins, CISSP -- dobbins () nd edu
Director, Information Security
University of Notre Dame, Office of Information Technologies
Voice: 574.631.5554
------------------------------------------------------------
"...mind the gap"