IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [biometrics]

Biometrics is a set of methods related to unique identification of people based on physiological or behavioural traits

136 questions
1
vote
0 answers

MFA: can unique biometrics collecting device count as another authentication factor (a possession factor)?

I see in this answer (Aren't endpoint devices inherently MFA?) that an endpoint device doesn't qualify as an authentication factor (AF). But if the endpoint biometric collecting device is uniquely registered with an entity, e.g. with an id number,…
Harold
  • 11
  • 1
1
vote
0 answers

Is Apple’s Face ID less secure in the dark?

Apple’s FaceID on iPhone X works even in the dark using infrared light to “illuminate” your face with an IR projection and collect the features. When designing the algorithms that confirm a user’s face, does Apple lower the “validation thresholds”…
VAndrei
  • 127
  • 3
1
vote
0 answers

How much entropy does Apple Touch ID sensor read fingerprint has?

Iphone uses by default 6-digit PIN that has an entropy of 19.93 bits When iPhone processes the fingerprint, how much entropy does it have? How long should standard passphrase be until it is as secure as touch id fingerprint? Is there any research…
ccccc1cc
  • 11
  • 3
1
vote
0 answers

Security of Passwords vs Biometrics

Would a password with multi factor authentication be more secure than biometrics? I am asking due to the fact that if biometric data gets compromised, there is no way to change it, and in data breaches in the past , millions of sets of fingerprints…
john doe
  • 648
  • 4
  • 15
1
vote
1 answer

Transforming keystroke dynamics raw data

I'm writing keystoke dynamics identifcation as an assignment and I'm having trouble with storing data. I was instructed only to "don't keep raw data" as it should've been transformed. I wasn't told what form data should take to not be considered raw…
wojteo
  • 71
  • 6
1
vote
0 answers

Disable Paste in Password field to use keystroke dynamics as 2FA

Paul Moore argues that one legitimate reason to disable paste in the password field (despite the downsides) is so that the server can use keystroke dynamics (behavioral biometrics) as a second form of authentication. Are there any websites using…
browly
  • 2,100
  • 2
  • 12
  • 21
1
vote
2 answers

How secure is the fingerprint sensor in the Pixel 3?

As far as I understand different fingerprint scanners have different security levels. Old fingerprint print scanners could be fooled quite easily as the CCC (Chaos Computer Club) demonstrated. How much can I trust the Fingerprint sensor in Google's…
Christian
  • 1,876
  • 1
  • 14
  • 23
1
vote
2 answers

Combining a fingerprint scan and password for 2-factor-authentication

UPDATE: I found the answer to the "How To?" part of my question on superuser: Require Fingerprint AND Password/Pin for Windows Logon Is it possible to require a TOTP on Windows Login using existing or custom software? ORIGINAL QUESTION: I'm…
PixelMaster
  • 111
  • 1
  • 8
1
vote
1 answer

How reliable is using Fingerprint sensor (iPhone/Android) for identity approval?

What I'm trying to achieve is a confirmation of transaction (not payment) with a fingerprint sensor. Pretty much like Google does in its Play store: Chose a product, click pay Approve your choice with a fingerprint scan What I feel is that Google…
ovnia
  • 111
  • 3
1
vote
1 answer

Is it possible to save scanned biometrics and use it later

I provided my identity using biometrics for getting a SIM card. Is it possible for this Point-of-Sale guy to save my data and use it later for getting some more SIM cards without my knowledge? If yes, please explain how it is done.
Rama Krishna Majety
  • 113
  • 3
1
vote
2 answers

Can a biometric device serve as a user based entropy source?

I am wondering if a biometric device can be used to generate some entropy or key material that would be stable across each authentication. The contrary would be for biometric devices to act like an oracle, with a simple YES/NO answer to any…
ixe013
  • 1,912
  • 15
  • 20
1
vote
2 answers

Do Apple and Samsung collect user's biometric data?

Since Apple uses fingerprints to download apps from the App Store, I'm wondering if they are collecting our biometric data. If so, I want to know if they hash that data? One day, if the US government asks Apple to give all users' fingerprint data,…
theModerator713
  • 59
  • 1
  • 4
1
vote
1 answer

Can fingerprints read from scanner by a malicious party be used for incrimination?

Assume that: I have submitted my fingerprints to a scanner at an office building for "security clearance" at the gate. The scanner was feeding the fingerprint data to a malicious third party that installed / modified said scanner/attached computer…
Mindwin
  • 1,118
  • 1
  • 8
  • 15
1
vote
2 answers

When to use only biometric authentication?

I have seen a variety of banks allowing access to their remote banking environment with just your fingerprint (via iphones and similar devices). Are these valid examples of a wider group of cases where pure biometric authentication is acceptable, or…
David Mulder
  • 1,349
  • 1
  • 8
  • 16
1
vote
1 answer

Biometrics for screen locks vs encryption

I've always argued that, while biometrics can be a step in the right direction for basic passwords/hashing setups like computer or phone lock screens, especially when combined with multi-factor authentification, I have yet to see any value in the…
Verbal Kint
  • 737
  • 1
  • 6
  • 20
1 2 3
9 10