Delta’s Biometric Digital ID Program Expands to 3 Major US Airports
(www.activistpost.com)
You're viewing a single comment thread. View all comments, or full comment thread.
Comments (7)
sorted by:
The main reason I do not like Biometric Digital ID for anything (besides privacy) is because it is a huge security risk for the following reason:
If it does get compromised, you cannot change it.
If any other current mechanism of authentication gets compromised, it is easily changed by a person with the right credentials. Passwords can be easily changed. Hardware keys can be replaced. Fingerprints, voice recognition, and faces cannot be changed without effort.
I think you're failing to account for what compromised actually means in terms of specific security systems.
You're looking at it like a password which is compromised when someone else gets it and can use it, which necessitates a change of the password for only the compromised people.
But is a retinal scanning system compromised if someone scans my eyeball? No, because unlike a password which you type in with a retinal scan system they also need some way of fooling the scanner with a printed eyeball or image of one or a hack that lets them feed their own sensor data in, and at that point the entire system is compromised for everyone.
Digital security works both ways.. If you have a copy of the key, you can re-create the lock; if you have a copy of the lock, you can re-create the key. Once your biometric parts are scanned for security, they're reduced to a digital set of data. Once that data gets compromised, the 'key' can be recreated.. whether it be fake fingerprints, a mask, retina.. or any other biometric component.
In using any biometric security, you are trusting the system to keep your biometric makeup private.. It's one thing if your password gets leaked.. If your biometric data gets leaked, there is no changing it for the next use case.
Most biometric security systems only store the key in the form of an output of a one-way hash function where the input is the scan data. You cannot recreate the input from that output, nor can it be used as the key.