Quote:
Originally Posted by calvin-c
I'm convinced that some day we'll need to go to biometrics. I'm not sure how it'll be implemented over the Internet but I don't see any other solution. There are plenty of problems with it but passwords & security questions certainly aren't working.
Over the Internet, or in any situation when you don't have complete physical assurance of the whole, even a biometric solution merely generates a long, hard-to-guess password, so while having your fingerprint, or palm vein pattern, or iris pattern always with you is more convenient and harder to steal than carrying, say, an RSA fob, it's not much more secure on the server side.
On the client side, security is always a trade-off against convenience and the trick is to find a balance that users accept.
I predict that where security really matters to folks (financial data, etc.) we will soon be forced to use 2- or 3-factor authentication in all cases.* One of those factors may indeed be biometric.
ApK
*The three factors would be "something you know, something you have and something you are." Say, having a smart card, knowing a PIN, and scanning your fingerprint. Or having your cell phone, knowing your passphrase and reading your voice print.