
If the security is to authenticate a user, how do you do it without the user's participation?

You could go for biometrics. But that creates a new problem - unless you're deeply paranoid, you'll leave plenty of DNA, fingerprints and pictures of your irises, without thinking of them as security holes.

You could tie it to the device. But that's no good when you want to check your email on a friend's computer. And if your phone gets stolen with full access credentials... The device is not the same as the user. So I don't see how you can avoid some combination of 'something you know' and 'something you have'.




There are no silver bullets for now, so one needs to design the system with the knowledge that any nontransparent security will be made insecure by the users.

What does that mean in practical terms? It depends. It can sometimes mean moving the question of validation to a third party. It can sometimes mean multilayer security, so once the first line of security features goes down, the damage done can easily be reverted. It can even be insurance against liability so the user's security mistakes do not damage the user. In some cases, one could have a complex revalidation system instead of a complex validation system, so that it's only when a user switches a device (say a phone) that all the non-transparent security will show itself. It all depends on the exact details and what the exact threat model is and who the intended user is.

This is why in my mind, articles like this one are missing the point. They are trying to announce a silver bullet, when such a thing does not yet exist even in theory.


IMO, the big problem with biometrics is that they are non-revocable.


Sure it is, the same way a password is revocable: pull the "hash" out of the database you compare against.


How does IT issue you a new fingerprint?


Well, in most cases there are nine other digits you can use. That's probably a reasonable amount of redundancy.


I change my password more than 9 times a year, and I plan to live for more than one year.


That's not IT issuing you a new password, that's you changing it. The point is that biometrics are perfectly feasible as one of the two factors (instead of something you know) and can still be revoked.


I also don't leave my password on everything I touch.

Biometrics are a terrible idea. Password + token is much safer and infinitely revokable. And the server can even tell when an HOTP device has been cloned.
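
The cloned-HOTP point in the comment above, as an added example that is not part of the thread: an RFC 4226 HOTP verifier that advances its counter on every accepted code, so a code from a counter it has already passed can only be a replay or a second device holding the same secret. The look-behind check and the names `HotpVerifier`, `look_ahead` and `look_behind` are assumptions of this sketch; RFC 4226 itself only describes the look-ahead resynchronisation window.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class HotpVerifier:
    """Server-side state for one token (hypothetical class, not a library API)."""

    def __init__(self, secret: bytes, look_ahead: int = 5, look_behind: int = 20):
        self.secret = secret
        self.counter = 0              # next counter value the server expects
        self.look_ahead = look_ahead
        self.look_behind = look_behind

    def verify(self, code: str) -> str:
        # Normal path: the device may be a few button presses ahead of us.
        for c in range(self.counter, self.counter + self.look_ahead):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1  # consume: this counter is never valid again
                return "ok"
        # A legitimate device never goes backwards, so a match on a consumed
        # counter means a replayed code or a clone that is lagging behind.
        for c in range(max(0, self.counter - self.look_behind), self.counter):
            if hmac.compare_digest(hotp(self.secret, c), code):
                return "stale"        # reject, alert, consider revoking the token
        return "fail"


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 4226 test secret, sample value only
    server = HotpVerifier(secret)
    for n in range(3):                # the real token logs in three times
        print("token ", n, server.verify(hotp(secret, n)))
    # The clone was copied at counter 0 and now submits its first code.
    print("clone ", 0, server.verify(hotp(secret, 0)))
```

A clone that happens to be ahead of the real token is accepted once, but the real token's next code then lands in the look-behind range and raises the same flag.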


That, and not the revocability, is the core of the problem. It also comes back to a foundation of security: something you have and something you know.

Personally, I think most biometrics are bunk, unless you use multiple (fingerprint, iris, etc) along with some kind of password.


Super Glue and Silly Putty


A white-hot knife to the finger?


It's really only workable when authing to the device. Not over a network. I'd basically assume that anyone can forge your biometric info, so it's only applicable in scenarios where the forgery is hard to execute.


And it also leads to issues like Minority Report, where instead of someone stealing your wallet, they steal your eyeballs :(


Of course it is; you use the biometric signature to sign certificates that you can revoke.



