The amazing durability of password technology

You Might Want To Take Another Pass At Your Passwords (GPB News)

Cormac Herley is in the 95 percent who don’t. He’s principal researcher with Microsoft Research, an arm of the software giant.

“Passwords are the worst system in the world, except for all the other systems,” he says.

Herley recommends assigning different tiers to passwords. Using your best, most complex ones for work and banking, but devoting less effort to those that don’t matter as much. But even that can be a lot to ask, even for him.

“I write the passwords down and have a photocopy at home and a photocopy in the office and a couple copies here and there.”

But, could all that be compromising security?

“Well, I mean, um, yes,” he says.

I also love Harley’s repurposing of the democracy quote often attributed to Winston Churchill.

Windows 10 pregame

What to expect (and what you won’t see) at this week’s Windows 10 launch

The Windows 10 technical preview released last fall was aimed squarely at enterprise customers, bringing back the Start menu and allowing sandboxed Windows Store apps to run in windows instead of full screen. This week’s update should be much more focused on consumer devices and services.

Here’s what I’ll be looking for in Redmond on Wednesday…

There is a brief biometric mention, but it’s mostly big-picture analysis of Microsoft’s consumer offerings.

Forecast: Global biometrics market to see 19.6% CAGR through 2020

Biometrics – A Global Market Overview (Research and Markets)

The global market for Biometrics is slated to post a strong CAGR of 19.6% between 2014 and 2020 to reach a projected US$30.1 billion by 2020 from an estimated US$10.3 billion in 2014. Fingerprint recognition is estimated the largest technology with market worth US$3.2 billion in 2014 while Civil ID is slated to be the largest application with global market of US$4.6 billion in the same year.

3D scanner has biometric applications

Kind of a way of making templates that will allow the recreation of all sorts of three dimensional objects — Researchers develop 3-D reconstruction software (Phys.org)

This software performs a 3D scan of the original mechanical parts or faces to obtain a virtual model of the real dimensions of objects or parts that are no longer manufactured so they can be reproduced, said Jorge Luis Nuñez Flores, professor at the Department of Electronics of the University Center for Science in Engineering (CUCEI) of UDG.

“The reconstruction technique involves the projection and acquisition of binary patterns (stripes of clear and dark lights, deployed vertically and horizontally) using a commercial projector and a digital camera,” says Nuñez Flores.

Very clever, really. But unlike biometric templates, this technology is specifically made to help “reverse engineer” the original 3D object. So, in a way, this is a lot more like a data compression tool, than a biometric template generator.

Well, he will be soon, he’s very ill.

The Dead Collector: Bring out yer dead.
Man With Dead Body: Here’s one.
The Dead Collector: That’ll be ninepence.
That Claims It Isn’t: I’m not dead.
The Dead Collector: What?
Man With Dead Body: Nothing. There’s your ninepence.
The Dead Collector: ‘Ere, he says he’s not dead.
Man With Dead Body: Yes he is.
That Claims It Isn’t: I’m not.
The Dead Collector: He isn’t.
Man With Dead Body: Well, he will be soon, he’s very ill. [Source]

FIDO 1.0 Specifications are Published and Final Preparing for Broad Industry Adoption of Strong Authentication in 2015 (FIDO Alliance)

“Today, we celebrate an achievement that will define the point at which the old world order of passwords and PINs started to wither and die,” said Michael Barrett, president of the FIDO Alliance. “FIDO Alliance pioneers can forever lay claim to ushering in the ‘post password’ era, which is already revealing new dimensions in Internet services and digital commerce.”

FIDO is doing great work at developing standards for managing online identity without passwords.
FIDO’s press release and this article at PC World explain what FIDO is up to quite well and the people behind FIDO are to be commended for tackling a serious issue, the solution to which could add significantly to the value proposition for businesses and customers interacting over electronic networks.

Just don’t fall for all the “death of passwords” hype that is out there in other places.

Passwords are going to be around for a long, long time but FIDO is doing a great job of corralling them back to where they can do the most good with the least annoyance.

See also:
Why Passwords are Great

OPINION: The tipping point for biometric security (ABC – Australia)

Currently most of us depend on passwords to protect our online identities. But passwords may be the largest security liability of the internet. They have numerous weaknesses that put consumers, corporates and the wider online world at significant risk.

Ultimately, convenience, ease-of-use, speed and accuracy are appealing attributes for authentication and this will drive the adoption of biometrics.

Exorcising the biometric bogeyman

Shedding light on Florida’s biometric ban (Secure ID News)

For Florida State Rep. Jake Raburn (R – Valrico) one of the bill’s sponsors, it’s a privacy issue. “No one, including the federal government, should be allowed access to our students’ personally identifiable information,” Raburn said. “This legislation will protect this sensitive information and prevent its misuse.”

The Pinellas County school district, near Tampa, uses palm scanners to move kids through lunch lines. Barbara Dalesandro, a food service technology coordinator for the district, tried to convince lawmakers to reject the legislation.

“When we had cards and PIN numbers, there was constant fraud. Other students always drained the accounts. There was a significant loss of revenue in that regard,” Dalesandro said. “We’ve been using palm scanning for four years with no problems from our parents.” – See more at: http://secureidnews.com/news-item/shedding-light-on-floridas-biometric-ban/#sthash.EBTXaPnZ.dpuf

Mobile devices pose privacy risks and biometrics can help

Forget silly privacy worries – help biometrics firms make MILLIONS (The Register)

Tech firms are set to experience a biometric bonanza – as long as they can persuade ordinary folk to give up worrying about their privacy.

That’s the claim in a briefing note from “growth consulting firm” Frost & Sullivan, which suggested the number of smartphones equipped with biometric gubbins will soar from 43 million to 471 million by 2017.

This, according to the beancounters, means the biometric revenue from smart phones will soar from increase from $53.6m in 2313 to $396.2m in 2019, amounting to an annual growth rate of 39.6 per cent.

“Due to existing hardware capabilities across devices, most of the growth is expected from facial and voice authentication technologies,” said Frost & Sullivan ICT Global Programme Director Jean-Noël Georges.

The goals of mobile device fingerprint technology are the epitome of privacy protection. Mobile fingerprint technology doesn’t spy on users and, by itself, it’s hard to see how it can create commercially valuable information for a third party to sell. It is put in place to make the “always on,” web-connected pocket computer a more secure platform from which to perform the functions financial institutions and users seem to want.

Dick Dastardly – not a banker or 
biometrics executive

The other two biometric technologies mentioned by the author, face and voice recognition, would perhaps be easier to abuse by a third party. The more acute risk to individual privacy associated with mobile biometrics, however comes not from a bunch of moustache-twirling banks and biometrics companies, but from flippy birds and fuzzy bunnies, or downloaded apps accessing onboard biometric technology for no other reason than to sell on to its customers the information gleaned. But that type of privacy risk is inherent in mobile technology. With its location services, cameras, microphones, wifi, NFC and bluetooth, modern mobile devices already contain an astonishing array of sensors and communications devices waiting to be abused or used in ways consumers don’t necessarily anticipate, and that’s happening right now.

Biometrics didn’t create this situation but they might be able to help.

Nice introduction to biometrics

Biometrics: New IDs that are uniquely you (Student Science)

Rapidly and accurately identifying people is useful. The police sometimes use biometric technology to ID criminals, disaster victims and missing children. Bank tellers may use biometrics to verify the identity of anyone attempting to withdraw money from an account. Because of the usefulness of biometric technology, governments are starting to include fingerprint and other biometric data in driver’s licenses, ID cards and passports.

Research on biometrics is advancing rapidly. Here we meet researchers behind three teams developing new ways to ID people.

A modest proposal

Time to shape our biometric future (The Age)

…[W]hile biometrics are indeed an important tool and will be part of future security solutions, we cannot afford “biometric creep”, a situation in which we gradually cede our privacy. Now is the time to have the debate to determine what an acceptable biometric future will look like.

The article linked above, by a thoughtful former federal police officer, is worth reading in its entirety.

We offered a framework for this debate in the early days of this blog. The tone of the series of posts is highly academic but I don’t think they suffer because of it.

The posts titles are:
Debating biometrics [Introduction]
Part I: The Right to Privacy
Part II: The Nature of Consent
Part III: Transparency
Part IV: A Framework for the Discussion of Privacy Issues
Part V: Filling in the framework; Absolute advocacy dos and don’ts
Part VI: Filling in the framework, subjectivity and interpretation

Biometrics can’t do everything

Biometric registration can’t solve election problems – EC (Ghana News Agency)

Dr Afari-Gyan said from the experience in Ghana, the introduction of the biometric machine in the voting process of elections was not the absolute answer to all election problems.

“The machines are not always the full answers to our problem, because they cannot distinguish between fingerprints of a minor and an adult, or a foreigner and an indigene,” Dr Afari-Gyan said.

Rather,he called for supervision and monitoring of the entire election process as well as training of people who operated the biometric machines to ensure that all eligible voters were identified and allowed to vote accordingly.

It’s true. A technological system designed to account for people can never free itself entirely from the “human element.”

…and I don’t think you’d want it to.

Will future life insurance underwriters use face scanning technology?

Not really biometrics but…

Can your face reveal how long you’ll live? New technology may provide the answer. (Washington Post)

Imagine that an insurance underwriter comes to your house and, along with noting your weight and blood pressure, snaps a photo of your face. And that those wrinkles, mottled spots and saggy parts, when fed into a computer, could estimate how long you will live.

Facial recognition technology, long used to search for criminals and to guess how a missing child might look as an adult, may soon become personal. A group of scientists is working on a system that would analyze an individual’s prospects based on how his or her face has aged.

Washington DC: Participate in biometric system testing and earn $95

Seeking individuals to participate in an ID verification research study. (Upper Marlboro Patch)

Participants will be asked to pass through a simulated identification area that uses safe, commercially available sensors like high definition cameras. The simulated screening area will also test the usefulness of safe biometric scanners that are currently being used by other countries at border crossings such as fingerprint identification.

Data privacy in schools is about much more than biometrics

As we’ve often said before, if schools can’t be trusted with private information, biometrics aren’t the problem. It’s nice to see that education professionals take a broad view of student privacy issues.

State Lawmakers Ramp Up Attention to Data Privacy (Education Week)

As the appetite for educational data on students has grown across the K-12 sector, so has the stated desire among many state lawmakers to try to protect the privacy and security of sensitive student information.

Spurred by concerns that the rise of education technology and the increasing prevalence of new assessments will place student data in unreliable hands or be put to nefarious uses, lawmakers in dozens of states have acted this year to clarify who has what access to student data and to specify the best practices for shielding that data.

Biometrics gets an undue amount of attention where child privacy issues are concerned and they are mentioned quite a few times in the article. The article, however, is written for the education insider so it is missing the “passion” one often finds in the techy press and political news stories.