Comment 2PS Re: Your eyeball is your USER ID!

Story

Your eyeball is your password

Preview

Your eyeball is your USER ID! (Score: 3, Informative)

by Anonymous Coward on 2014-07-27 14:19 (#2NR)

Mistaking user ID for password has the potential for bodily harm. Didn't anyone see Minority Report? Do you really want to create a world where criminals want to steal your eyeballs? Thinking of biometrics as a replacement for passwords is one of the STUPIDEST and MOST DANGEROUS of all security mistakes!

User ID: Public, anyone can copy it, never changes, but you don't try to keep it secret because no one can hurt you with it; they would need your password.

Password: Secret, no one else should see it, must be replaced every six months.

You really want to replace your eyeballs every six months? THINK dammit before you spout nonsense.

Re: Your eyeball is your USER ID! (Score: 1)

by bryan@pipedot.org on 2014-07-28 22:52 (#2PD)

Indeed. Biometric login supporters always get this wrong and is one of my personal pet peeves. Fingerprints and retina scans are not passwords! In terms of login, you can narrow information sources into two simple categories.

Things you have
  • Name (or username)
  • Email address
  • Fingerprint
  • Retina Scan
  • Simple ID Card
This first list is mainly public information that nearly anyone can obtain (or guess) to use as a unique identifier. Nothing on this list should ever be used as a "password substitute."

Things you know
  • Password (or PIN)
  • Shared secret
This second list is secret information that is not public or easily obtainable. These are the things that could be used as a password.

To improve security, simply include an element from each list. A common example is: withdrawing cash from an ATM requires both a card and a PIN.

Re: Your eyeball is your USER ID! (Score: 1)

by spacebar@pipedot.org on 2014-07-29 13:12 (#2PS)

I think it's more commonly divided into

You have
  • Physical item that must be used (ie a key)
You are
  • Biometrics (fingerprints, eyeballs, etc)
You know
  • A password

Junk Status

Not marked as junk