Tuesday, February 17, 2015


I was reading "Windows 10 will let you say goodbye to passwords forever" and was thinking "what a bad idea (and not just because it's Microsoft)."
Microsoft is adding support for the Fast Identity Online (Fido) standard to Windows 10 to enable password-free sign-on for a number of applications. 
The Fido standards aim to create a "universal framework" for secure but password-free authentication. Fido supports biometrics such as face, voice, iris, and fingerprint or dongles, and members of the group include Samsung, Visa, PayPal, RSA, MasterCard, Google, Lenovo, ARM, and Bank of America as well as Microsoft.

OK, so when my password is compromised (or I forget it) I request a new one and I'm good to go in a few (annoying) minutes. But what do I do when my biometrics are compromised? It's pretty easy to find a picture of just about anyone, so facial recognition is pretty much dead. Likewise voice. And other biometrics can be hacked.

The big problem is, once they are hacked, they are gone. I can't change my fingerprints if my account is compromised.

Biometrics are only as secure as the method used to obtain the data, and that's obviously not physically secure.

No thanks, Fido.


