Fingerprints are Usernames, not Passwords

@DustinKirkland
#SXSW2015 #biometrics
Co-author and maintainer of an encrypted filesystem for Linux
eCryptfs is used by Ubuntu
One click encryption during installation
We were asked to support fingerprint readers in 2008
My Thinkpad even had one
But we closed the bug, “won’t fix”
As it happens, fingerprints are easy to fake
https://pacsec.jp/psj06/psj06krissler-e.pdf
25 awesome slides later...
Seriously, go look at these slides
But 7 years later, the industry still hasn’t learned...
Better technology, but still broken
Well what about iris scanning?
Shot with a Canon 5D Mark III, 100mm macro lens, by Dennis Franza
Voice recognition?
“This call may be recorded...”
DNA?
You leave a trail of DNA everywhere!
Sorry, but biometrics are inherently not secret
I bet you’ve seen a few of these now...
How would you go about changing these?
What do these have in common?
Can we avoid adding this one to that dubious list?
So what are fingerprints/biometrics good for?
Usernames, not passwords
Identity, not authentication
Use biometrics like an email address, handle, or SSN
By the way... can we please stop pretending that SSNs are secret, because they aren’t. kthxbye.
What about civil liberties and biometrics?
Sorry, your biometrics have never really been private
The sooner we quit pretending they are, the safer your remaining privacy will be
Passwords should be private, and are protected under the 5th Amendment*
https://en.wikipedia.org/wiki/Fifth_Amendment_to_the_United_States_Constitution#Computer_passwords
Finally, some unsolicited security advice
Encrypt your data. All of it.
Choose two or three really long, hard passwords.
Randomly generate all of the rest.
Store those in an encrypted, safe location.
Ensure any biometrics are coupled with something secret.
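
An added example, not from the talk: a minimal sketch of "usernames, not passwords", where a fingerprint match only selects the account and a secret does the authenticating. The `Directory` class, the template IDs and the passphrases are hypothetical, constructed values; a real fingerprint matcher is assumed to hand back a stable template ID.

```python
import hashlib
import hmac
import os

def _derive(password: str, salt: bytes) -> bytes:
    # Memory-hard KDF, so a stolen verifier is expensive to brute-force.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

class Directory:
    """Hypothetical account store keyed by biometric template ID."""

    def __init__(self):
        self._accounts = {}  # template_id -> [username, salt, verifier]
        self._dummy_salt = os.urandom(16)

    def enroll(self, template_id: str, username: str, password: str) -> None:
        if not password:
            raise ValueError("a biometric must be coupled with a secret")
        salt = os.urandom(16)
        self._accounts[template_id] = [username, salt, _derive(password, salt)]

    def identify(self, template_id: str):
        # A biometric match only says who is claiming to be here.
        rec = self._accounts.get(template_id)
        return rec[0] if rec else None

    def authenticate(self, template_id: str, password: str):
        if not password:
            return None  # a fingerprint alone never grants access
        rec = self._accounts.get(template_id)
        # Unknown IDs still cost one KDF run, so timing does not reveal enrollment.
        salt, verifier = (rec[1], rec[2]) if rec else (self._dummy_salt, bytes(32))
        ok = hmac.compare_digest(_derive(password, salt), verifier)
        return rec[0] if rec and ok else None

    def rotate_secret(self, template_id: str, old: str, new: str) -> bool:
        # The secret can be replaced after exposure; the fingerprint cannot.
        if not new or self.authenticate(template_id, old) is None:
            return False
        salt = os.urandom(16)
        self._accounts[template_id][1:] = [salt, _derive(new, salt)]
        return True

def demo() -> dict:
    d = Directory()
    old, new = "correct horse battery staple", "a new long passphrase"  # constructed
    d.enroll("tmpl-0001", "alice", old)  # constructed template ID
    return {"identified": d.identify("tmpl-0001"),
            "print_only": d.authenticate("tmpl-0001", ""),
            "print_and_secret": d.authenticate("tmpl-0001", old),
            "rotated": d.rotate_secret("tmpl-0001", old, new),
            "old_secret_after_rotation": d.authenticate("tmpl-0001", old)}
```
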
And never “charge” your phone with random USB ports!