Authentication based on Something you Are

• This is known as biometrics
  • Fingerprints
  • Hand geometry
  • retina and Iris recognition.
  • Voice
  • Handwriting, hand motions, ...
  • Patterns of use such as typing
  • Facial recognition
  • Blood vessels profiling.
• These almost all require a special physical device.
  • Which are subject false positives (authorizing the wrong person)
  • And false negatives (rejecting the correct person)
  • A biometric mouse
• The book lists a number of problems with biometrics.
  • Biometrics are new
    • It is developing technology
    • It is viewed as invasive by some (only criminals have their fingerprints taken)
    • It is viewed as dangerous by some (point a laser at your eye?)
  • Biometrics require additional hardware
    • This adds expense to the computing environment.
  • They are a single point of failure
    • If you can't get your fingerprint to scan, you can't work.
    • Temporary injuries could be problematic
    • Or changes over time.
  • Variations in the environment might change the operation
    • Changes in lighting
    • Changes in humidity, temperature, ...
  • False positives, false negatives.
  • The speed of the device could be problematic
    • Bad example, but 2fa is annoying me.
  • Cybercriminals are smart and will find ways to bypass these.
    • The sidebar on page 59 is interesting.
    • Wow!
    • A comment on a James Bond clip by a former CIA Covert Operations Officer
• In the end, biometrics are not binary, they are a chance of a match.
  • They discuss how fingerprints are not really unique.