2004-11-19
Bill Gates is right about one thing: asking people to use a two-factor form of authentication would go a long way toward alleviating a lot of the password problems that plague computer security today.

Smart cards are effectively a way of storing passwords. The best form switches to challenge/response authentication and does the processing entirely within the card, so the system you're using never needs to have access to the passwords or keys themselves; it just has to be able to pass the challenge and response back and forth. However, smart cards as Bill envisions them still have a fatal flaw, one not related to their being smart cards: they're single sign-on. Single sign-on is bad, period. It means that any compromise is a total compromise of every account you own, everywhere (just as using the same password everywhere exposes you to a similar total compromise). You'd need multiple cards, one for each security zone, to get around that. Or one card with multiple keys (passwords) that required a different code to be entered to allow each one to be used (which doesn't really help the situation).
I think it's a fundamental attribute of the problem, similar to the one with keys: to be secure you need a different key for each door so nobody can easily steal one or two keys and get access everywhere, but people don't like carrying around big keyrings, so they want one or two keys that'll give access everywhere.
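The card-side challenge/response and the per-zone-key idea from the comment above, as an added simulation (not code from the column or the commenter). It assumes HMAC-SHA256 as the response function and one independently generated key per zone; the host only relays bytes, a verifier knows only its own zone's key, and the demo shows that a leaked zone key answers that zone's challenges but not another zone's, and that a replayed response is rejected.

```python
import hashlib
import hmac
import secrets


class SmartCard:
    """Simulated card: holds one independent key per security zone.
    Keys never leave the object; only HMAC responses do."""

    def __init__(self, zone_keys: dict):
        self._keys = dict(zone_keys)  # constructed per-zone keys, never exported

    def respond(self, zone: str, challenge: bytes) -> bytes:
        if zone not in self._keys:
            raise KeyError(f"no key provisioned for zone {zone!r}")
        return hmac.new(self._keys[zone], challenge, hashlib.sha256).digest()


class Verifier:
    """Server for one zone: knows only that zone's key and its live challenges."""

    def __init__(self, zone: str, key: bytes):
        self.zone, self._key = zone, key
        self._outstanding = set()

    def challenge(self) -> bytes:
        c = secrets.token_bytes(32)  # fresh random nonce per attempt
        self._outstanding.add(c)
        return c

    def check(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self._outstanding:
            return False  # unknown or already-used challenge: replay rejected
        self._outstanding.discard(challenge)
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def host_login(card: SmartCard, verifier: Verifier):
    """Untrusted host: relays challenge and response, never sees a key."""
    c = verifier.challenge()
    r = card.respond(verifier.zone, c)
    return verifier.check(c, r), c, r


def demo():
    keys = {"work": secrets.token_bytes(32), "bank": secrets.token_bytes(32)}
    card = SmartCard(keys)
    work, bank = Verifier("work", keys["work"]), Verifier("bank", keys["bank"])
    ok_work, _, _ = host_login(card, work)
    ok_bank, c, r = host_login(card, bank)
    replayed = bank.check(c, r)  # same (challenge, response) again
    stolen = SmartCard({"work": keys["work"], "bank": keys["work"]})  # attacker has only the work key
    forged_work, _, _ = host_login(stolen, work)
    forged_bank, _, _ = host_login(stolen, bank)
    return ok_work, ok_bank, replayed, forged_work, forged_bank
```

With a single shared key for every zone the `forged_bank` result would become true, which is the "total compromise" the comment objects to.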