There's two extremely important reasons why biometrics must not be allowed to become the only means of authentication:

1: What is its strength is also its weakness: You can't extend your privileges to others in case you are unable to use them yourself. Imagine you're in the hospital, and ask your wife and/or lawyer to get your email and certain documents for you. They can't, because they can't identify as you, and you can't identify yourself to extend the privilege to them.

2: Most important of all: You can *never* change your biometrics. That it's exceedingly difficult to fake a biometric signature doesn't make it impossible.
If your fingerprint or retina scan gets compromised, you can't change your biometric password, and you're scr*wed for the rest of your life. Unless you know a way to cut off your finger and grow a new one?


[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/277/29177#29177