ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Finger Prints Are Not Passwords

    Scheduled Pinned Locked Moved IT Discussion
    androidfailbiometricspasswordsecurity
    125 Posts 9 Posters 59.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller @A Former User
      last edited by

      @thecreativeone91 said:

      @scottalanmiller said:

      Where have you found a secure municipality in the US? I've never even heard of a rumour of one, let alone a municipality that was secure at all. I've rarely found a municipality that even hires what we would consider real IT let alone high end IT needed for real security.

      Just because you've never seen them or worked for them doesn't mean they don't exist. You make a lot of blanket statements without knowing the facts. I guess we should all just quit our govt jobs and go work at the local fast food chain as we aren't IT pros in Scott's book.

      I didn't say all. I said the US had a lot of security issues in government - which is obviously the case since few government jobs pay anywhere near median. Are there exceptions? I would assume. Are there people doing government jobs because they feel that they should donate their skills? Presumaly somewhere. But that some are secure or might be secure or could be secure does not mean that the average is.

      I've worked in government, it's the least secure thing I've ever seen. I've worked for a lot of different types of government. And I know tons of people who won't work in government, generally due to the income reasons. Tons and tons of the industry won't accept those jobs.

      If you have some examples of outstanding government security, that's great. I didn't supply any blanket statement. But I provide examples that I knew, have many examples I did not supply, and only stated that in my experience I've never heard anyone make the claim that any municipality was providing adequate security. They might be, but I've not seen it and you are the first I've seen defending how governments do IT in the US.

      1 Reply Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller @A Former User
        last edited by

        @thecreativeone91 said:

        Only the Federal Government Can't be sued. You can infact sue local governments and many state governments.

        You can sue your state? I knew that the Fed can sue a state, and they do constantly. I was not aware that there was any way to sue a state. Or that that would be state by state, I would assume. I've had local judges break the law and I've had no recourse. But NY is extremely bad in that regard. Might be a local problem.

        1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @A Former User
          last edited by

          @thecreativeone91 said:

          I guess we should all just quit our govt jobs and go work at the local fast food chain as we aren't IT pros in Scott's book.

          To be fair, I actually did this. New York tried to hire me when I was getting back into IT. It wasn't fast food anymore, it was working a hotel front desk which is slightly better (I've done both, so that's an honest comparison.) But the money was about the same, the job was just cleaner and nicer. I had to work overnights and swing shifts. But the jobs with the state were so bad that I turned them down to keep working the hotel because they only thought of IT as being on par with fast food work based on their pay scales. So while I didn't say to do this, I did actually live this advice and I honestly believe that failing to have done so would have crippled my career. I was far beyond the careers of the people who tried to hire me within six months - and they had many years just in their state jobs alone and I was effectively starting from the bottom.

          There are thousands and thousands of government agencies in the US. Some must be good. But I think it sounds pretty surprising to hear that you feel that any percentage of them have the necessary will or capability to address security well.

          Working with some municipal governments, many that I have worked with have no IT whatsoever and use whatever free or cheap resource they can find to patch things together. They get grants to buy equipment but never spent money on governance. No security oversight at all.

          1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller @MattSpeller
            last edited by

            @MattSpeller said:

            @scottalanmiller said:

            If they are going to steal it, it's already gone.

            I'm curious how you got to there

            You are assuming that theft will occur because you decided to leverage a feature. Why? That makes no sense. You are assuming that the thief is in your house but only steals your TV if you've been watching it. That's not how it works. If you are assuming that the thief is in your house (is on your device and has access to the biometric scanner) then he is going to steal your biometrics whether you chose to use them or not. Unless you are pressing that button with gloves on or otherwise avoiding letting the scanner see your fingers.

            1 Reply Last reply Reply Quote 0
            • mlnewsM
              mlnews
              last edited by

              What timing...

              MattSpellerM 1 Reply Last reply Reply Quote 2
              • MattSpellerM
                MattSpeller @mlnews
                last edited by

                @mlnews so much better with moustaches lol

                I actually did a bit of reading, apparently it's stored independently on a separate chip. According to Apple's specs it's reasonably secure. I'm still really uncomfortable with this technology and I'll opt out.

                From your post below, how do I avoid biometrics? By not purchasing/using any devices that use them 😛

                scottalanmillerS 1 Reply Last reply Reply Quote 1
                • scottalanmillerS
                  scottalanmiller @MattSpeller
                  last edited by

                  @MattSpeller said:

                  From your post below, how do I avoid biometrics? By not purchasing/using any devices that use them 😛

                  What phone available today, for example, does not use them? Nearly every sensor on a phone collects identifying biometrics of some sort. Even your desktop keyboard does that (there are systems that use your typing patterns as biometric passcodes!!)

                  Fingerprints are just the ones that we talk about. But the amount of identifying information collected by all computing devices is staggering.

                  ? 2 Replies Last reply Reply Quote 0
                  • ?
                    A Former User @scottalanmiller
                    last edited by A Former User

                    @scottalanmiller said:

                    What phone available today, for example, does not use them?

                    Almost all expect the Newest iPhones. Voice Command, And predictive text both can be turned off. Very few android and no windows phones have finger print.

                    scottalanmillerS 1 Reply Last reply Reply Quote 0
                    • ?
                      A Former User @scottalanmiller
                      last edited by

                      @scottalanmiller said:
                      Even your desktop keyboard does that (there are systems that use your typing patterns as biometric passcodes!!)

                      What system are you using that does that? Mobile OSes do in Android and iOS but it can be turned off.

                      JaredBuschJ scottalanmillerS 3 Replies Last reply Reply Quote 0
                      • JaredBuschJ
                        JaredBusch @A Former User
                        last edited by

                        @scottalanmiller said:

                        Even your desktop keyboard does that (there are systems that use your typing patterns as biometric passcodes!!)

                        @thecreativeone91 said:

                        What system are you using that does that? Mobile OSes do in Android and iOS but it can be turned off.

                        The point was that a shim (aka malware or even embedded in software you trust) can easily be dropped onto your PC and collect this information.

                        1 Reply Last reply Reply Quote 1
                        • JaredBuschJ
                          JaredBusch @A Former User
                          last edited by

                          @thecreativeone91 said:

                          What system are you using that does that? Mobile OSes do in Android and iOS but it can be turned off.

                          @thecreativeone91 said:

                          Almost all expect the Newest iPhones. Voice Command, And predictive text both can be turned off. Very few android and no windows phones have finger print.

                          Who cares about what can be turned off. The entire point of this was an exploit/shim. You can be fairly certain that a shim/exploit will not respect that setting.

                          scottalanmillerS 1 Reply Last reply Reply Quote 1
                          • scottalanmillerS
                            scottalanmiller @A Former User
                            last edited by

                            @thecreativeone91 said:

                            @scottalanmiller said:

                            What phone available today, for example, does not use them?

                            Almost all expect the Newest iPhones. Voice Command, And predictive text both can be turned off. Very few android and no windows phones have finger print.

                            That's what I thought. You are pretty much limited to old or really low end devices and rapidly those are disappearing. Some will last for a while, I suspect, but only so long before normal touchpads can read fingerprints, I assume. How long until your mouse can read your fingerprint too?

                            1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller @A Former User
                              last edited by

                              @thecreativeone91 said:

                              @scottalanmiller said:
                              Even your desktop keyboard does that (there are systems that use your typing patterns as biometric passcodes!!)

                              What system are you using that does that? Mobile OSes do in Android and iOS but it can be turned off.

                              Any software that wants to can watch your keystrokes for the biometric. I don't use any that tell me that they are doing it, but any that want to, can, including websites.

                              1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @JaredBusch
                                last edited by

                                @JaredBusch said:

                                Who cares about what can be turned off. The entire point of this was an exploit/shim. You can be fairly certain that a shim/exploit will not respect that setting.

                                That's a key factor here. The OP was about malware that could bypass the system's security. So the existence of the ability to collect biometrics (the presence of sensors) becomes the risk in that case.

                                ? 1 Reply Last reply Reply Quote 0
                                • ?
                                  A Former User @scottalanmiller
                                  last edited by

                                  @scottalanmiller said:

                                  That's a key factor here. The OP was about malware that could bypass the system's security. So the existence of the ability to collect biometrics (the presence of sensors) becomes the risk in that case.

                                  Well if you are going that far you might as well say any device that has a mic is recording you 24/7. Computer, Phone, Dumb/Feature Phones (they have java too on most). Heck if you want to put your Tin Foil hat on power companies can use their Smart Meters to gather information about you. You can gather sounds, signatures of devices etc plugged into your house. CFLs would be very easy to hide mics that send singals to the meter as well.

                                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                                  • scottalanmillerS
                                    scottalanmiller @A Former User
                                    last edited by

                                    @thecreativeone91 said:

                                    @scottalanmiller said:

                                    That's a key factor here. The OP was about malware that could bypass the system's security. So the existence of the ability to collect biometrics (the presence of sensors) becomes the risk in that case.

                                    Well if you are going that far you might as well say any device that has a mic is recording you 24/7. Computer, Phone, Dumb/Feature Phones (they have java too on most). Heck if you want to put your Tin Foil hat on power companies can use their Smart Meters to gather information about you. You can gather sounds, signatures of devices etc plugged into your house. CFLs would be very easy to hide mics that send singals to the meter as well.

                                    That's my point - once you are assuming that the vendor is stealing your data, not just the data that you share with them, but the data on the device, and selling it, then you are into an area where the tin foil hat is on and things like the microphone are obviously concerns - much bigger concerns than the fingerprint scanner. Far more money in recording people. And no additional "lines" need to be crossed.

                                    1 Reply Last reply Reply Quote 0
                                    • ?
                                      A Former User
                                      last edited by

                                      Well security isn't androids strong point from the get go. But Google's involvement could potentially make it worse (no one knows as there part is closed source)

                                      1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller
                                        last edited by

                                        Don't confuse me pointing out that all of these things are possible and equal risk with thinking that we should be avoiding them. I think that avoiding fingerprints because of any of the reasons given in the thread is unrealistic. There are levels of security that are worthwhile and those that are not. Making your life difficult because of extremely unlikely, very fringe security concerns isn't good. We might as well stop using technology and go live on a mountain somewhere and only use cash. If that's the life you'd prefer, knock yourself out. There are security concerns out there, but we have to find a reasonable medium ground or else we start getting crazy.

                                        1 Reply Last reply Reply Quote 0
                                        • DashrenderD
                                          Dashrender
                                          last edited by

                                          The only reason I need to avoid finger prints is because I can be compelled by the gov't to give them up use them (or they just use one of mine they have one file) to unlock things I don't want them to have access to.

                                          ? scottalanmillerS 2 Replies Last reply Reply Quote 0
                                          • ?
                                            A Former User @Dashrender
                                            last edited by

                                            @Dashrender said:

                                            The only reason I need to avoid finger prints is because I can be compelled by the gov't to give them up use them (or they just use one of mine they have one file) to unlock things I don't want them to have access to.

                                            In Virginia I know any law enforcement legally is entitled to anything on your persons without a search warrant this includes your cell phone and any information they can access or accounts they can get from it. I believe it it's locked with a password they then need a warrant but, not for any biometerics.

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 7
                                            • 2 / 7
                                            • First post
                                              Last post