Story 2014-07-27 3RW Your eyeball is your password

Your eyeball is your password

by
in hardware on (#3RW)
Interesting things brewing over at Google, where two recent patents show a push to operationalize new technology that lets you unlock a device using a retinal scan.
The process has three steps:
Receiving light on an iris of an eye
Detecting, at one or more light sensors disposed on or within a transparent lens covering at least a portion of the eye, light reflected from the light incident on the iris of the eye, wherein the light reflected comprises image data indicative of a pattern associated with the iris.
Outputting an iris fingerprint based in part on the image data
A related patent looks at an encoded contact lens and its application. Perhaps the days of Google Glass will be numbered, as the fashion-conscious will quickly move right to the next, obvious step.
Reply 11 comments

Your eyeball is your USER ID! (Score: 3, Informative)

by Anonymous Coward on 2014-07-27 14:19 (#2NR)

Mistaking user ID for password has the potential for bodily harm. Didn't anyone see Minority Report? Do you really want to create a world where criminals want to steal your eyeballs? Thinking of biometrics as a replacement for passwords is one of the STUPIDEST and MOST DANGEROUS of all security mistakes!

User ID: Public, anyone can copy it, never changes, but you don't try to keep it secret because no one can hurt you with it; they would need your password.

Password: Secret, no one else should see it, must be replaced every six months.

You really want to replace your eyeballs every six months? THINK dammit before you spout nonsense.

Re: Your eyeball is your USER ID! (Score: 0)

by Anonymous Coward on 2014-07-27 20:28 (#2NT)

Really, it's neither. It is sort of public, exceedingly difficult to copy, and cannot be replaced. But acting as a userID, it would still be needed for access. So even if they did get a password somehow, they would need to steal your eyes anyway.

New technology often isn't analogous to old ones.

Re: Your eyeball is your USER ID! (Score: 1, Interesting)

by Anonymous Coward on 2014-07-27 22:49 (#2NV)

Good god/spaghetti monster what are you going on about? Have you ever had an RFID style badge to get in to work? Have you ever used an automated toll system? A subway payment card? A general admission ticket to a concert? A freaking metal door key?

None of those things require or assume passwords, and neither do retinal scans and similar tech. Just shut up already please.

Re: Your eyeball is your USER ID! (Score: 0)

by Anonymous Coward on 2014-07-27 22:58 (#2NW)

Which is to say, the editor's use of "password" in the headline rather than "single factor authentication key" is a smart, normal decision. Unlike the wacko shouting in bold about Minority Report, he or she isn't scared and under the compulsion to shout at people about the superiority of two and three factor auth every time he sees people boarding a train after swiping a card through a turnstile.

Re: Your eyeball is your USER ID! (Score: 1)

by hyper@pipedot.org on 2014-07-28 06:29 (#2P0)

You are on to something here. Use the eye scan plus a contact lens or glassed lens which together with a pin/passphrase/drawing/code is the key.Something you know. Something you have. I would prefer a usb key with a keychain + passphrase.Don't just think an idea sucks. Improve it.

Re: Your eyeball is your USER ID! (Score: 1)

by bryan@pipedot.org on 2014-07-28 22:52 (#2PD)

Indeed. Biometric login supporters always get this wrong and is one of my personal pet peeves. Fingerprints and retina scans are not passwords! In terms of login, you can narrow information sources into two simple categories.

Things you have
  • Name (or username)
  • Email address
  • Fingerprint
  • Retina Scan
  • Simple ID Card
This first list is mainly public information that nearly anyone can obtain (or guess) to use as a unique identifier. Nothing on this list should ever be used as a "password substitute."

Things you know
  • Password (or PIN)
  • Shared secret
This second list is secret information that is not public or easily obtainable. These are the things that could be used as a password.

To improve security, simply include an element from each list. A common example is: withdrawing cash from an ATM requires both a card and a PIN.

Re: Your eyeball is your USER ID! (Score: 1)

by spacebar@pipedot.org on 2014-07-29 13:12 (#2PS)

I think it's more commonly divided into

You have
  • Physical item that must be used (ie a key)
You are
  • Biometrics (fingerprints, eyeballs, etc)
You know
  • A password

Re: Your eyeball is your USER ID! (Score: 3, Funny)

by Anonymous Coward on 2014-07-29 20:20 (#2PW)

Or:
  • Things you lose
  • Things you forget
  • This scanner never works right

Not going to give Google this information (Score: 2, Funny)

by skarjak@pipedot.org on 2014-07-27 15:02 (#2NS)

Google already has everything else. If I give them this, they'll probably have enough to make a robot to replace me in my family!