I would like to explain my thoughts about the (now) common use of fingerprint readers as login devices for mobile devices such as laptops or PDA's.
It has become quite common to use our fingerprints in order to gain access to our mobile environments; in fact, it's so common that I know lots of people that have already forgotten their original passwords to log-on to their computer.
The question that should be debated: is this a good practice?
When using a password, we get an open mathematical series of numbers where the complexity is usually (N)Power(Password Length). This formula assures (in most cases) that the password will be unique and, more importantly, will take somebody else a significant amout of time to discover.
A fingerprint, however, has its own flaws. First of all, it's a series blocked by the number 10 so there are not many possibilities once you know to whom this computer belongs. And second of all - let's think about it - when I travel with my computer, I usually don't wear gloves. This means that if someone stole my laptop, he/she has the potential to peel all of my fingerprints off the computer!
There has been some progress in the field that uses measurments of human skin salt and others in order to verify a person's identity, but, in my personal opinion, this data also has the potential to be scraped off the laptop.
In short, if you choose to use a fingerprint, I would still require that a special PIN or password be manually typed in so that we still maintain the concept of "Someone You Are + Something You Know." In that way, we can simplify the process of login with a changable password while still maintaining security.
A fingerprint, however, has its own flaws. First of all, it's a series blocked by the number 10 so there are not many possibilities once you know to whom this computer belongs. And second of all - let's think about it - when I travel with my computer, I usually don't wear gloves. This means that if someone stole my laptop, he/she has the potential to peel all of my fingerprints off the computer!
There has been some progress in the field that uses measurments of human skin salt and others in order to verify a person's identity, but, in my personal opinion, this data also has the potential to be scraped off the laptop.
In short, if you choose to use a fingerprint, I would still require that a special PIN or password be manually typed in so that we still maintain the concept of "Someone You Are + Something You Know." In that way, we can simplify the process of login with a changable password while still maintaining security.
Barry, have you seen these videos? Goes with the "Someone You Are + Something You Know" combo.
http://lasecwww.epfl.ch/keyboard/