Bill Gates Is Right?
Scott Granneman, 2004-11-19

Bill Gates is right about one thing: asking people to use a two-factor form of authentication would go a long way toward alleviating a lot of the password problems that plague computer security today.

Bill Gates Is Right? 2004-11-20
dreamss
PKI is already used as auth on some programs (openssh..), smartcards are PKI but on the hardware level, and easily dumped...

Bill Gates Is Right? 2004-11-20
Todd Knarr (1 replies)
Biometrics has one other major disadvantage: it's tied to you. If your password's compromised, you can change your password. If someone manages to get a copy of your thumbprint, how do you change your thumbprint? Even if biometrics were harder to compromise (which I don't think it is, but assume it ...

Bill Gates Is Right? 2004-11-30
Prasad
I agree with you as long as Biometric is used as the only means of authentication but when Biometrics is used along with other Soft/Hard tokens, Passcodes and PIN etc as a 2,3 or multifactor based authentication it provides a stronger form of authentication and much improved and alleviated assurance ...

Bill Gates Is Right? 2004-11-20
Me
I already carry a credit card, ATM card, key card, supermarket card and sundry other card-sized items for my everyday activities. Of course, I would happily use a smart card to perform everyday computing login activities for the same reasons. Unfortunately, there is no universal (or free) PC interfa...

Bill Gates Is Right? 2004-11-20
dfy (1 replies)
In the biometric protocol if there is one successful man-in-the-middle attack the biometric information is out of your control and stored somewhere on the net...

Man-in-the-Middle 2004-11-22
Anonymous (2 replies)
This is a solvable problem. Consider the common ATM machine. When was the last time you heard of a MitM attack on an ATM PIN? You haven't, and the reason is the PIN is encrypted before it even leaves the keypad.
...

Man-in-the-Middle 2004-11-22
Anonymous
But how do you know the keypad you are typing into is the real keypad ... It could be silently recording your taps....

Man-in-the-Middle 2004-11-23
David Deaves
Last time I heard about a MiM ATM attack?

About 2 years ago. Extra reader mounted in front of card slot, camera to record PIN. Not your traditional public key crypto type MiM but same result....

Bill Gates Is Right? 2004-11-20
Anonymous
Smartcards to authenticate? Hell YES!!! I already got one, although I cannot log in with it to my system yet.

Biometrics? NEVER! Watch "Gattaca" and you will know why.
...

Bill Gates Is Right? 2004-11-20
Anonymous
I think you are so right about the Last Days of passwords. I'd like so much to only have to carry a smartcard and never have to remember any password, or at least, much less than I do have to remember now. I once thought about creating such a system using a smartcard but then I realized that, accord...

Bill Gates Is Right? 2004-11-20
Borja Marcos
It's true that (for example) a smart card with a public key is a good authentication system. And some modern ATM frauds would also be avoided.

But, is that smart card secure when used from a Windows PC with a full ecosystem of worms/virii/bots? Not at all. It can be actually more dangerous, as th...

Bill Gates Is Right? 2004-11-20
Florencio Cano
Absolutely yes. Remembering lots of passwords is a big annoyance that few people will carry. Nowadays I prefer the security problem of repeating passwords than the psychological problem of remembering lots of passwords and that is bad.
...

Yeah he's right, but... 2004-11-21
Roger
he's getting in on a bandwagon that's been rolling for at least a decade. Although now Bill has said it's OK, it might be easier to get the PHBs to listen....

Bill Gates Is Right? 2004-11-22
Anonymous
I agree. but...

The issue of security doesn't lie in the advancement of technology. But, human ingenuity, frailty and the shortcomings of human nature. From social engineering, to theft, to design flaws.

With that said. The use of user ID's, pincodes and an RSA keychain may be the safest and m...

Bill Gates Is Right? 2004-11-22
AR
Good article. Would I be prepared to use a SMART card along with biometrics - absolutely. The biggest concern for me would be the process for lost or damaged cards, it could be a bureaucratic nightmare. I don't see this happening in the foreseeable future unless it is driven by the credit card compan...

Bill Gates Is Right? 2004-11-22
Anonymous (1 replies)
You don't wanna lose or forget your id card at home. Or getting sick when you need to authenticate with eye or voice data.
Genetic authentication, on the other side is difficult to fool. But it would mean serious hardware and authentication software. With very serious computer power.

No ?...

Bill Gates Is Right? 2004-11-25
Anonymous
DNA in principle is no harder to fake than retinal or thumbprint scans. It's just more information in total, but quite a lot of it is shared and thus redundant. A geneticist once said, 'we are about 30% chimp, but about 28% banana'.

It's also much easier to 'sample' than the others:

Retina - '...

Bill Gates Is Right? 2004-11-22
Dmitriy
I think smart cards and PINs, or smart cards and some sort of biometric is a good idea. It would be secure, and convenient. I mean, I have a set of keys to the server room, this would just be another set of keys for the servers....

Bill Gates Is Right? 2004-11-22
Anonymous
Smart Cards may prove very helpful, however, I too doubt the feasibility of biometrics. Identity theft has already been breached where fingerprints are concerned and likely soon will be breached in DNA, etc. I doubt we can incorporate a technical solution that the criminal mind cannot circumvent. Key...

Bill Gates Is Right? NO. 2004-11-22
Anonymous
Only if you ignore all the evidence about the ease of forgery...

All biometric scanners can be faked as long as the reference is of a lower resolution than the fake.

Fingerprints can be copied from any original source - the finger itself, the glass that was touched, a door knob,...

Retina/i...

Granneman is wrong? 2004-11-22
Mene Tekel
There's two extremely important reasons why biometrics must not be allowed to become the only means of authentication:

1: What is its strength is also its weakness: You can't extend your privileges to others in case you are unable to use them yourself. Imagine you're in the hospital, and ask y...

Smart cards maybe, but not biometrics 2004-11-22
Nicholas Chase
I'm terrified of the idea of biometrics. If I lose my smart card, I can report it and it can be turned off. If somebody "steals" my thumbprint, what am I going to do, get a new thumb? Spend the rest of my life explaining to vendors that my thumbprint has been deactivated because of fraud, but rea...

Bill Gates Is Right? 2004-11-22
Anonymous
I'm all for either a biometric scan or smart card. It would definitely make life easier and much more secure to an extent.

I agree with Scott that whatever standard that is agreed upon should be open standards based and not owned by any corporate entity (i.e. MS).

...

Biometrics isn't the best method 2004-11-23
Anonymous
I've been looking into a lot of the biometrics technologies, especially those with the iris/eye recognition.

Let's say your eye gets damaged in some way, like a degenerate eye disease or other damage to the retina. How does this situation get handled?

I'll stick with smart cards, as these can ...

Bill Gates Is Right? 2004-11-23
hanzie
There has been a problem with people putting a false ATM front, and people just assume their regular ATM has been remodeled. Meanwhile, it's passing info through to the real ATM. There was a slashdot article on it.

Another problem is the mom and pop store ATM, where a dishonest storekeeper can ...

I fear dismemberment by rapacious thieves. 2004-11-23
hanzie (2 replies)
I fear dismemberment (as in thumbs and eyes getting forcibly stolen.) It doesn't matter if it's possible to use the stolen bits or not. People of severely diminished mental capacity and total lack of scruples will keep trying anyway.

Even if the scanners won't work with stolen parts, (and that'...

I fear dismemberment by rapacious thieves. 2004-11-24
brian
How often has it happened that your arm was chopped off so they could get your handbag? Right... never. Taking someone's eye is about a thousand times harder I think, so it'll never happen....

I fear dismemberment by rapacious thieves. 2004-11-28
Roger
There are a *lot* of problems with biometrics, but this one is the least of your worries. Most biometric sensors already have the ability to tell if the proffered organ is alive. If they don't, then it's even easier to present a faked copy, so why go to the trouble of dismembering someone (not just ...

Bill Gates Is Right? 2004-11-23
Jay
I think the first step is to replace the term "password" with "passphrase" (25-50 characters instead of 8), that helps to introduce users to the idea of a more secure password and helps to alleviate the most common security risks, pathetically guessable passwords and yellow stickies on monitors. Whe...

Bill Gates Is Right? 2004-11-23
michaels
I agree with others on the biometric issue - I don't want anything that closely related to me (i.e. my eye or thumb) to be used for security purposes.

Imagine an attacker in the street:

"Give me your [thumb|eye]"

Anyone remember Passenger 57 ?

Eww.

Smart-cards aren't a terrible idea; ...

People being Human 2004-11-23
Dan J.
I agree that passwords are a major pain. I also have to agree that biometrics are not foolproof. But I have to disagree with smart cards being any better than passwords in a work environment.
I manage both the facility access card system and systems passwords. I have as many people forget the ...

Bill Gates Is Right? 2004-11-23
Ean Meyer
I have no problem with thumb print logins. I use a U.are.U thumb scanner on my computer at home. It works great and I don't have to remember passwords. It manages them for me.
I don't see the point that privacy advocates make about thumb prints. Companies ask for my social security number all the ...

Bill Gates Is Right? - Open standard doesn't matter 2004-11-23
Paul (1 replies)
Regardless of biometrics etc, we are not talking about a single and secure method to validate who a user is, correct?

If so (single authentication method for the world), who will validate me? (using biometrics or whatever) - Is there going to be some central/world server that validates my credenti...

Bill Gates Is Right? - Open standard doesn't matter 2004-11-23
michaels
There is no need for a central server; the system would be the same as any signup to a secure site currently.

Bank: "Hi, please press your thumb here ..."
You: * press thumb *
Bank: "Okay, your account is activated. Your thumbprint and passphrase are required for each transaction now."

Note:...

Should be "Bill Gates joins the Bandwagon" 2004-11-23
Tommy Ward
I remember in 1995 when we were trying to sell SecureNet Keys (challenge/response token similar to CryptoCard) to Microsoft, and we were told that Bill was against the idea. Supposedly he just wanted to "know who did it" so he could get them after the fact. Obviously he (or whoever came up with that...

Smart-card != SecurID 2004-11-23
Souterrain
While RSA SecurID does add another authentication factor, it is not a smart card. It is a token-based OTP system, and IIRC, the technology is still patented. Suggesting AOL is adopting smart card technology is incorrect....

I respectfully disagree 2004-11-23
Michael Cloppert
You mention that a problem with passwords is that they don't uniquely identify anyone. This is true, but how much easier is it to steal someone's thumbprint or smart card? If my wallet gets stolen, now I have to worry about credentials being compromised as well.

The only way for passwords to be...

Scott, you made another mistake .. 2004-11-24
Anonymous
The periods reported in the article are erroneous, and do not reflect the periods defined by Hartmann:

6) Birth of Jesus Christ to His resurrection.
7) Period of time until Jesus returns.
8) 7 years of Tribulation (first half peaceful, second half horribly violent)

By definition, since Jesus...

Bill Gates Is Right? 2004-11-25
Anonymous
And what happens when your smart card is stolen?
At least a password stored (for the want of a better word) in your mind is slightly more secure *physically*.

bBt...

Bill Gates Is Right, but for the wrong reasons 2004-11-25
Bruce Marshall (1 replies)
In his keynote speech at the RSA conference last year Mr. Gates said something similar:

"Another weak link in these security systems has been the use of passwords, and there's no doubt that over time people are going to rely less and less on passwords. I'm sure all of you know what a weak thing t...

Bill Gates Is Right, but for the wrong reasons 2004-11-29
Anonymous
It is a business. If you want to take that stance and say he is right, but only saying that to promote their biometric product, then the question becomes, "Why are they making this biometric product?" Yes, to make money, but also because of what Gates said, it is, and needs to be moving in that direc...

Bill Gates Is Right? 2004-11-25
Anonymous
The end of passwords? No, that would be stupid. The intelligent thing to do is to ask for three things:
- Something you are
- Something you have
- Something you know
So, that would be Biometry, a Smartcard _and_ still a password. ...

Biometrics as a possible authentication scheme 2004-11-26
Anonymous
Just to add one more thought to the idea of biometrics as a valid authentication scheme.

You can't change your DNA or thumb print or retina under most circumstances. Ignoring the possible cases of illness changing the structure of your iris or retina or the possible amputation of a finger, there ...

Bill Gates Is Right? 2004-11-29
Anonymous
Whatever method you choose, the brilliant and unscrupulous out there will work around, eventually. Then the unscrupulous and connected to the internet will try to copy what the first group just have to brag about (see script kiddies). It is simply a matter of trying to stay ahead of the curve, in my ...

Bill Gates Is Right? 2004-12-01
Anonymous
It's funny to see people saying that we're
not in the last days but happily
assisting to introduce a global identification system that could take
control over them.

As it was revealed:
"that no one could buy or sell unless he
had the mark, which is the name of the beast
or the number of his...

Bill Gates Is Right? To Be or Not to Be Hacked 2005-09-13
Sandra N (1 replies)
I do agree the password human Ram chip is taxed out, whereas the Two-factor form would be great. But think about the hacker who stays informed on the latest Tech way more than the average user. You're only one step ahead of them and occasionally one step behind. No offense to the powers to be, howev...

Re: Bill Gates Is Right? To Be or Not to Be Hacked 2006-10-31
Mike
I completely agree. Having an open source standard is much easier to create tools that exploit vulnerabilities than to close off the software, and give the keys to a group of highly trusted individuals. It probably won't keep hackers from hacking but it should at least keep the gen. pop. one step ahe...

Bill Gates Is Right? 2006-04-26
M Capp
The use of two factor authentication is necessary to improve security controls. However biometrics is not necessarily the best answer. I prefer using a smart card for access in addition to the username and password. Any security can be breached but the "something you have plus something you know"...

Copyright 2009, SecurityFocus