IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [biometrics]

Biometrics is a set of methods related to unique identification of people based on physiological or behavioural traits

136 questions
14
votes
1 answer

What are the implications of 5 million peoples fingerprints being stolen from the US Government?

The recent OPM hack has revealed more fingerprints were stolen than previously believed. One of the scariest parts of the massive cybersecurity breaches at the Office of Personnel Management just got worse: The agency now says 5.6 million people's…
Steve Sether
  • 21,480
  • 8
  • 50
  • 76
12
votes
2 answers

How to store/encrypt fingerprint?

Storing password is a no brainer : use a password hasher. But.. How do you proceed to store fingerprints securely on your server? Meaning that even if your server and all it's data is stolen, someone cannot retrieve the fingerprints. From what I…
Gudradain
  • 6,921
  • 2
  • 26
  • 43
12
votes
2 answers

Is it possible to reliably derive a key from a biometric fingerprint?

Many products (e.g. notebooks, security doors and now smartphones) support some form of fingerprint authentication. That seems simple enough: A trusted system compares a stored representation of a fingerprint with the one presented to a fingerprint…
lxgr
  • 4,094
  • 3
  • 28
  • 37
12
votes
2 answers

Is using Touch ID with FileVault full disk encryption secure?

I recently purchased a Macbook Pro (late 2016) which now includes Touch ID, like the iPhones have been for a while. Although this is a very convenient addition, I am wondering how this affects the security of full disk encryption (with FileVault…
tkers
  • 221
  • 2
  • 4
11
votes
3 answers

iPhone 5S security: Given someone's fingerprint can I use a 3D printer to create a fake finger with a real fingerprint on it?

With such a big deal being made about the iPhone 5S's fingerprint reader (and formerly the Thinkpads' fingerprint readers) I really wonder how secure it is to use fingerprints in lieu of passwords. If you can dust and photograph a roommate's or…
Flan
  • 121
  • 4
11
votes
5 answers

Non-OEM Biometric Software?

Most of us with fingerprint readers and such devices probably use the software provided by the vendor, to enable biometric OS login or single sign-on functionality. However, I've recently wondered if there is any third-party software that will do…
Iszi
  • 26,997
  • 18
  • 98
  • 163
10
votes
1 answer

Are fingerprints less secure (at a software level) on Android (10+)?

Inspired by this question (and more specifically, this answer to the same): When a passphrase is used, the encryption key is not stored directly in the device. [...] When using biometrics, each reading differs, so no unique value can be used to…
Matthew
  • 423
  • 2
  • 8
10
votes
1 answer

How secure is Windows Hello when used with Intel 3D facial recognition?

Windows 10 mobile devices, Surface Laptops, and several other 3rd parties integrate an Intel Realsense 3D camera. Windows Hello extends this 3D camera to support user authentication. What security parameters are used to describe the relative…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
10
votes
3 answers

Why do smartphones limit the amount of fingerprints that can be recorded?

On my Android device, I can store up to 3 fingerprints to unlock my phone with the fingerprint scanner that is built in to the home button. On iPhones it's 5 fingerprints if I'm not mistaken. But most people have 10 fingers and I can't imagine the…
Pascal Sommer
  • 185
  • 2
  • 10
10
votes
3 answers

What advantage does the Bloomberg authentication system have over traditional 2 factor?

Bloomberg clients have an interesting way to authenticate to the server. This seems involve some of the following: Logging into a secure website, that displays a flashing square Swiping your finger against a portable fingerprint reader Placing the…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
9
votes
3 answers

Plausibility of DNA sequence for encryption

To start with: This is in consideration of in-body implants. The answer should (initially) assume there is no record of your DNA sequence mapped by a third party yet. The question boils down to using your own DNA sequence as private key for…
Pogrindis
  • 181
  • 10
9
votes
1 answer

Is Apple Face ID a good security feature?

This paper demonstrates how face liveness detection could be easily defeated by virtual models built from your public photos. If you consider the instagram/snapchat phenomenon where users post selfies and front-facing videos on a daily basis + the…
Acacio
  • 93
  • 6
9
votes
1 answer

Feasibility and scalability of a large biometric system (e.g. Aadhaar)

Over the last five years, India has systematically advanced a biometric identification scheme, which now has an enrollment of over 800 million users. To ensure the accuracy of matching for such a large population, the Biometrics Standards Committee…
Jedi
  • 3,906
  • 2
  • 24
  • 42
9
votes
3 answers

Are fingerprint scanners easy to bypass?

Thinking about adding a fingerprint based authentication layer, but then I recalled the MythBusters beat fingerprint security system episode -- is this a common issue, and if not, how do you tell if a fingerprint authentication system is easy or…
blunders
  • 5,052
  • 4
  • 28
  • 45
8
votes
1 answer

How secure is my DPAPI Master Key if I enable biometric login?

I understand that Windows DPAPI master keys are encrypted (directly or indirectly) with the user's login password - see e.g. Does DPAPI works if a user hasn't a login password? If I understand that correctly, it means that physical access to the…
GS - Apologise to Monica
  • 183
  • 9
1
2
3
9 10