Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Biometric Security Not Ready to Replace Passwords

From: InfoSec News <isn () c4i org>
Date: Tue, 7 May 2002 03:48:39 -0500 (CDT)
Forwarded from: Steve Vawter <svawter () zonelabs com>

Could not this allow for some smart fellow to put their own device on
the system with their own fingerprint, bypassing the security?  What
type of security keeps this from occurring?


Their fingerprint-recognition devices keep the print data in the
devices themselves, not on a server or PC, and they have added other
security enhancements. Last year we looked at Precise Biometrics's
100 SC. This year, the new USB-connected Precise 100 MC surpassed
our expectations, earning a Reviewer's Choice designation."


Steve Vawter
UNIX SYSTEM ADMINISTRATOR
Zone Labs, Inc.
1060 Howard Street
San Francisco CA 94103
ph    415-341-8323
fax   415-341-8299
cell  510-409-9184
pager 877-933-0549

-----Original Message-----
From: InfoSec News [mailto:isn () c4i org]
Sent: Monday, May 06, 2002 12:27 AM
To: isn () attrition org
Subject: [ISN] Biometric Security Not Ready to Replace Passwords 


http://www.newsbytes.com/news/02/176325.html

By Carlos A Soto, Government Computer News
WASHINGTON, D.C., U.S.A.,
02 May 2002, 2:05 PM CST
 
Biometrics vendors are doing their best to supplant passwords as the
chief form of computer security, but Government Computer News Lab
tests indicate that many of their products are not quite ready. Some
developers have continued to improve already good devices, but others
need to go back to the drawing board.

Bad biometric security is worse than no security at all because it can
lock out a legitimate user, admit an interloper or - perhaps most
dangerous - lull a network administrator into a false sense of safety.
 
For this review we examined six fingerprint-recognition devices and
one voice-recognition device. A word of caution: An administrator
cannot deploy large numbers of any of those fingerprint devices
without third-party administrative software.

[...]



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.
Previous By Date Next
Previous By Thread Next

Current thread: