Your Face Is The Problem
By Daniela Weiss-Bronstein. November 14, 2011, 3:49 PM CDT
Any good (fictional) spy uses biometrics as authentication – Bond used fake fingerprints, Charlie’s Angels copied someone’s retina scan, and Chuck’s intersect has facial recognition technology. Yet as companies have implemented biometric-based authentications, it’s been laughably easy to beat.
Fingerprint locking technology was once thought to be the gold standard in security. Fingerprint sensors popped up on laptops, airports, and homes. Yet the Mythbuster busted through a fingerprint-sensing door lock with the help of a permanent marker and a good copying machine.
Android 4.0′s (Ice Cream Sandwich) Face Unlock feature on Samsung’s Galaxy Nexus uses facial recognition software instead of a typed password. Look into the front-facing camera and the phone unlocks. Curious minds wondered whether a high-resolution image of the owner would work as well. Luckily, a Google developer assured the world that a photograph wouldn’t work. Unluckily, he was wrong. SoyaCincau took a photo of himself on a cell phone, held it up to his locked Galaxy Nexus, and the phone unlocked. Three times in a row.
While this is awkward for Google, it raises the larger question of how intimately identity and authentication should be wedded. Ideally, they should be separate enough that when identity is compromised, there is separate authentication as proof of identity. But when they are one and the same, how do you keep your information safe?
About Daniela Weiss-Bronstein
Dani is a mom of three who dabbles in everything from tech to cake decorating. By day she writes, makes food, and cleans the house, but by night ... she has always wanted to be a superhero.