Windows Hello


Newt


I just saw this, a blog post by Microsoft about plans to integrate biometric identification in place of passwords between Windows 10 computers.

We have had other discussions of biometrics here, and generally the conclusion seems to be that they are silly, inconsistent and difficult to use in normal situations, as the results need to be quick, yet consistent in allowing only one person to access a device. This post is making the assertion that they shall offer 'enterprise-grade security that will meet the requirements of organizations with some of the strictest requirements and regulations', using in some cases existing hardware. That is rather a big thing to pull off.

Some of the ideas seem practical, some logical, and some rather strange:

Once authenticated with "Passport", you will be able to instantly access a growing set of websites and services across a range of industries – favorite commerce sites, email and social networking services, financial institutions, business networks and more.

As I am sure can be inferred from what I have here, I am skeptical that it is going to go smoothly. The article seems to skirt the issue of making the actual recognition, and discusses the admittedly nice concept, but without addressing the root of the issues that have plagued biometrics before: actually recognizing the user.

Thoughts?


Any type of security that cannot be changed is incredibly stupid and dangerous. When your biometrics are out there, they are worthless. A password is easily changed to lock out any and all attackers when it gets stolen. Additionally, privacy concerns are rampant.

It sounds like a circus of bad ideas, to be honest. I truly detest this trend to use biometrics.


Why? How are you going to fix the problem that they can be stolen?

By changing the password that goes with it. And access card.

Something you are (biometrics), something you have (card) and something you know (password). Need at least two to access.


You can steal the pattern of the thumb, you don't need the actual thumb, that's ridiculous.

Thumb printing could be annoying from skin conditions that make your thumb print hard to see. Or what if you have a bandage on?


You are all forgetting something... that it would be a user choice...

Those users who have the "device" and think it is better for them... they will use it...

Those who think the opposite or believe it is annoying can keep the old method...

In my opinion it will be safer, but I don't want to buy the device... So I will do it the old way: *********

With time, hacks aimed at a certain model of device will appear, the same way that if hackers know what model of router someone is using, they have more chance to exploit it.

Edited by AngelLestat

You can steal the pattern of the thumb, you don't need the actual thumb, that's ridiculous.

For many years, a simple pattern has been insufficient to fool sensors. Just about every fingerprint scanner on the market has things to detect whether there's an actual human finger there, or if it's a bit of plastic. It can be fooled, but it's not trivial to do so.


Actually there's an episode of Mythbusters where they try a number of high-end devices... It was very silly really; in the end, all they needed was a fingerprint and some picture enhancement (even just a black marker to get a cleaner print)... They built a fake finger and all, and even got the machine to accept the print on a piece of paper!

In any case, the problem with fingerprints is that you leave them everywhere all the time; you don't leave your password on everything you touch... No matter how good a device is or can be, it's like having a super duper lock and leaving a copy of the keys everywhere you go for anybody to make a copy.


Yes... because a keylogger, with the correct trojan file, can infect not just one but several computers all over the internet, without doing forensic work in a strange house.

And if a device fails to recognize a true fingerprint from a fake one, then we just need to blame the device..


I am pretty sure that high-end biometric scanners use infrared to scan the blood veins under your skin, which are hidden from plain sight, do not change easily, and are difficult to fake. But I doubt they are putting that on a computer.

Yeah. From my reading of the article, it sounded like it was going to be workable on preexisting hardware, which would mean that they would get a lot of not so high end readers. My laptop has a fingerprint scanner, I have never used it, but it is not by any means fancy, high end, or something that I would trust.

Maybe I should try to set it up (possibly horribly difficult on linux :rolleyes:), and report back my findings.

As for thumb printing, there was a contest a while back where some people bypassed a reader with something like a wet 3D print of someone's thumbprint pattern. I should look into that, but I think it fooled a somewhat good scanner.


You are all forgetting something... that it would be a user choice...

Those users who have the "device" and think it is better for them... they will use it...

Those who think the opposite or believe it is annoying can keep the old method...

In my opinion it will be safer, but I don't want to buy the device... So I will do it the old way: *********

With time, hacks aimed at a certain model of device will appear, the same way that if hackers know what model of router someone is using, they have more chance to exploit it.

Yes, it has to be a user choice; for one, many computers have multiple random users.

Biometrics work for simple security, as in having family or friends accessing your computer.

It also works pretty well together with a password, without having to deal with a keycard which you may miss.

No, it's not a totally secure system: for that you want a keycard too. Security has to be measured up against inconvenience.

Having to call in to get a new daily password helps security but is not convenient.


They're working on technology so it takes a living person's thumbprint.

It is already here. It scans not for the fingerprint, but the blood veins of a finger. You can't fool those things with a fake 3d printed finger or such.

Just that it ain't cheap or conveniently sized. At least not enough to be installed on personal computers.


The "lock" on the server asks for the "key" - I cannot give the server my thumb, so data is exchanged - what stops anyone from just sending the data without me and my thumb present?

The data is sent encrypted - like passwords are (if everything is working out, that is...) - but what about "thumb loggers"?

Banks (in Germany) use HBCI-signature cards and readers, the reader has its own keypad, so the reader can encrypt signature data and PIN code before sending them to the bank via the computer it is connected to - a separate "thumb reader" would be the answer then?

So, once more we are depending on good encryption basically?

And what happens if someone manages to access the reader from the outside?


The "lock" on the server asks for the "key" - I cannot give the server my thumb, so data is exchanged - what stops anyone from just sending the data without me and my thumb present?

The data is sent encrypted - like passwords are (if everything is working out, that is...) - but what about "thumb loggers"?

Banks (in Germany) use HBCI-signature cards and readers, the reader has its own keypad, so the reader can encrypt signature data and PIN code before sending them to the bank via the computer it is connected to - a separate "thumb reader" would be the answer then?

So, once more we are depending on good encryption basically?

And what happens if someone manages to access the reader from the outside?

The data from the reader would also be encrypted like they encrypt your password; that is a one-time encryption, so you cannot extract the data.

Yes, you could grab the raw data on the PC like a keyboard logger saves your password; it's a bit harder to set up than a keylogger, as it has to hack/replace the drivers of the specific device.

Again, biometrics are less secure than a keychain, but you are unlikely to lose your thumb. I say they are more secure than passwords for most people and most settings.

Most people use easy-to-guess passwords and don't need much security, just enough to keep the curious/suspicious away and prevent abuse of their stuff.

You will hardly use this for banks, both for security and for lack of standards; you might use it in shops, however here you have refund options and additional security.

Anything is more secure than credit cards, which anybody can copy the numbers from.

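The question raised above (what stops someone from sending the data without the thumb present) is what a challenge-response design answers. As an added illustration that is not part of the thread and not Microsoft's code: the matcher runs on the device, the server learns only a MAC over a nonce it has just chosen, and a response captured on the PC cannot be resent. The shared-key HMAC stands in for the per-device signature key such designs actually use; Device, Server, the user name and the templates are all assumed names and constructed values.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Constructed illustration (not Microsoft's code): the biometric match happens on the
# device and only releases a device key that answers the server's fresh challenge.

class Device:
    def __init__(self, enrolled_template: bytes, device_key: bytes) -> None:
        self._template = enrolled_template  # stays on the device
        self._key = device_key              # stays on the device

    def respond(self, presented: bytes, challenge: bytes) -> Optional[bytes]:
        # Stand-in matcher: exact equality instead of a real fuzzy comparison.
        if not hmac.compare_digest(presented, self._template):
            return None  # wrong finger: key not released, nothing sent
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class Server:
    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}     # user -> key registered at enrolment
        self._pending: Dict[str, bytes] = {}  # user -> outstanding challenge

    def register(self, user: str, device_key: bytes) -> None:
        self._keys[user] = device_key

    def challenge(self, user: str) -> bytes:
        self._pending[user] = secrets.token_bytes(32)  # fresh per attempt
        return self._pending[user]

    def verify(self, user: str, nonce: bytes, response: Optional[bytes]) -> bool:
        # A response is accepted once, for the challenge currently outstanding.
        if response is None or self._pending.pop(user, None) != nonce:
            return False  # replayed, stale or absent response
        expected = hmac.new(self._keys[user], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def demo() -> Dict[str, bool]:
    key = secrets.token_bytes(32)
    dev = Device(b"enrolled-thumb-template", key)  # constructed template
    srv = Server()
    srv.register("alice", key)
    n1 = srv.challenge("alice")
    r1 = dev.respond(b"enrolled-thumb-template", n1)
    login = srv.verify("alice", n1, r1)
    replay = srv.verify("alice", n1, r1)  # captured on the PC and resent
    n2 = srv.challenge("alice")
    wrong = srv.verify("alice", n2, dev.respond(b"someone-else", n2))
    return {"login": login, "replay": replay, "wrong_finger": wrong}
```

Note that the server stores no template at all, so a "thumb logger" on the PC sees a response that is only valid for one nonce that has already been consumed.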

I am pretty sure that high-end biometric scanners use infrared to scan the blood veins under your skin, which are hidden from plain sight, do not change easily, and are difficult to fake. But I doubt they are putting that on a computer.

All fancy technologies turn out to be easily fooled, as already shown by the Mythbusters episode. I do not want biometric identification and I will not use any device that has it.


I don't think you can refuse your finger scan in customs when you cross borders these days, and I believe they use that very technology - infrared scan of finger veins. It is a requirement with your passport data.

Obviously there is little you can personally do about being forced by government-type organisations, outside of calmly and clearly communicating your objections, of course.

Biometric scans are just another link in the chain.
The thing is, biometrics are inherently flawed because they cannot be changed. If your fingerprint is out there, it is out there. No chance of switching without drastic measures. Plus, people will be convinced it could have only been you, meaning a whole heap of trouble when security gets compromised. If having a secondary measure, like a password, is supposed to mitigate that, we should simply use that in the first place. Luckily, I am not the only one that sees the dangers in this biometrics thinking.

It might even have consequences for criminal cases. If your fingerprint data is spread throughout numerous organisations and countries, the value of finding a print at a certain location diminishes quickly.

Edited by Camacha

If having a secondary measure, like a password, is supposed to mitigate that, we should simply use that in the first place.

Because good security uses multiple layers of identification, and they all work together. If a password is leaked, you can still check whether the person entering the password is the person with authorization for access, through biometrics and other means. Never depend on one layer of security if you want to be safe.

Biometrics take a lot more effort to fake too, especially for advanced scans like retina scans. It is not easy, even if you have all the information for the vein patterns, to replicate an eye with all the complex systems of extremely small capillaries that are in a person's eye (don't believe the Hollywood trick of using a contact lens; the scan doesn't work that way). Advanced systems also require you to be scanned for a few seconds to detect blood flow, so that they know if a dead body part is being used, even.

And when you couple that with a physical key card and a password, your security is pretty tight, and it would require a really determined infiltrator to get into such places.

Though, we are getting way off topic. The context of security being talked about here is home security. Which means less important data and information, and much, much less determined attackers. Usually your cousin/niece would just give up with another layer of security, by just having to swipe your finger there along with a password; they are not going to bother faking the print, even in the unlikely case of them having the means to do so. Try a USB key too and no one will bother. Although you might be called a nut.


Obviously there is little you can personally do about being forced by government-type organisations, outside of calmly and clearly communicating your objections, of course.

The thing is, biometrics are inherently flawed because they cannot be changed. If your fingerprint is out there, it is out there. No chance of switching without drastic measures. Plus, people will be convinced it could have only been you, meaning a whole heap of trouble when security gets compromised. If having a secondary measure, like a password, is supposed to mitigate that, we should simply use that in the first place. Luckily, I am not the only one that sees the dangers in this biometrics thinking.

It might even have consequences for criminal cases. If your fingerprint data is spread throughout numerous organisations and countries, the value of finding a print at a certain location diminishes quickly.

The point is that it cannot be changed; yes, this is a feature. Note that if someone wants your fingerprint it's pretty easy to get: just collect some item you have touched, a soda can is perfect, I could get it from your trash during the night for that matter.

I can now scan your fingerprints; however, it's easier just to drop the can at a crime scene.

However, biometrics are pretty pointless for cloud access, as the article points out. Let's say someone makes a virus which grabs the fingerprint signatures on a popular device like a MacBook and sends them to you; you can not use another hacked phone to inject this data into the driver and send it.

Now Apple has a problem: if it's impossible to reprogram the reader so it sends other data, the authorization is broken for good. You can, as you say, not change fingerprints; you could change the software so the old drivers don't send valid data anymore, however if someone hacks it they can use all the old fingerprint data again.

However, the problem here is popular computers with a popular OS; Windows is far more popular but also has lots of laptops with various readers.

Using it to unlock a phone or PC locally is another issue; here there is no mass penetration, and having your fingerprint doesn't help unless you go through a complicated process. It is simpler to just use the hard drive or replace it with a blank one.
