
Goodbye, Password. Banks Opt to Scan Fingers and Faces Instead - Futurebot
http://www.nytimes.com/2016/06/22/business/dealbook/goodbye-password-banks-opt-to-scan-fingers-and-faces-instead.html?hp&action=click&pgtype=Homepage&clickSource=story-heading&module=second-column-region&region=top-news&WT.nav=top-news&_r=0
======
allan_s
People who still have not understood

"What you are" (fingerprints / faces)

"What you have" (a token/card)

"What you know" (a password)

are different things that you should add up for improved security, not trade
one for the other

~~~
fuzzieozzie
And given that "police" have access to your fingerprint and your token/card,
then the only thing protecting you from self-incrimination is your password!

[http://www.theatlantic.com/technology/archive/2016/05/iphone...](http://www.theatlantic.com/technology/archive/2016/05/iphone-fingerprint-search-warrant/480861/)

~~~
lotu
The police can subpoena your bank and obtain your financial information without
knowing your password.

~~~
protomyth
People aren't worried about the bank records, they are worried about the
biometrics. Never mind the first security breach and leaked data.

------
reustle
2018 news article: Hackers steal 1.8 million fingerprint records from BigBank

Great, so now they can use those fingerprints to log into every other system
that also requires my fingerprint. I guess I'll just have to change it... oh
wait

~~~
ams6110
They've already been stolen from the OPM hack a few years ago.

~~~
therein
Pssh, it's not like any of those people whose biometrics are stolen are in
important decision-making roles. Oh wait...

------
kevin_b_er
It isn't what you know, but a picture of the eye that will serve as the
password, or the hashed picture of the eye.

The result is a password you don't know, but one the app or the bank can leak
that you cannot change. Thus, this lowers security.

------
shdc
fingerprints are usernames, not passwords:
[http://blog.dustinkirkland.com/2013/10/fingerprints-are-user...](http://blog.dustinkirkland.com/2013/10/fingerprints-are-user-names-not.html)

~~~
dragonwriter
> fingerprints are usernames, not passwords

While the article you linked to points out correctly why they aren't good as
passwords, they also aren't good as usernames (though they may be good as an
alternative by which a username is looked up, with a fallback to using the
real username), since they can be destroyed.

~~~
_red
"Searching" on fingerprints is difficult to scale as users move from tens to
thousands.

The best system is:

1. User inputs username.

2. Fingerprint is used to confirm username.

3. User inputs password.
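A toy model of the three-step flow described above, added here as an example and not code from anyone in the thread. It contrasts 1:1 verification (username selects one stored template, the fingerprint confirms it, the password is checked independently) with 1:N identification (search every template), and includes the standard independent-comparisons estimate of how the chance of a false match grows with the number of enrolled templates. The "templates" are constructed sets of made-up minutiae identifiers compared with Jaccard similarity, the threshold and the PBKDF2 parameters are assumptions, and all users and probes are constructed sample data.

```python
import hashlib
import hmac
import os

# Assumed matcher threshold for the toy Jaccard score (0.0 .. 1.0).
MATCH_THRESHOLD = 0.6
PBKDF2_ROUNDS = 200_000  # assumed work factor


def similarity(a, b):
    """Jaccard similarity between two constructed minutiae sets."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def enroll(db, username, template, password):
    """Store a biometric template and a password hash under a username."""
    salt, digest = hash_password(password)
    db[username] = {"template": frozenset(template), "salt": salt, "pw": digest}


def verify_1to1(db, username, probe, password):
    """Steps 1-3: username picks one record, fingerprint confirms it,
    password is checked separately. Both factors are evaluated before
    combining so a failure does not reveal which factor was wrong."""
    record = db.get(username)
    if record is None:
        return False
    fp_ok = similarity(record["template"], probe) >= MATCH_THRESHOLD
    _, digest = hash_password(password, record["salt"])
    pw_ok = hmac.compare_digest(digest, record["pw"])
    return fp_ok and pw_ok


def identify_1toN(db, probe):
    """Identification: compare the probe against every enrolled template.
    Returns every username that clears the threshold; more than one result
    means the biometric alone cannot say who the user is."""
    return sorted(u for u, r in db.items()
                  if similarity(r["template"], probe) >= MATCH_THRESHOLD)


def false_match_probability(far, n):
    """Probability that a probe falsely matches at least one of n enrolled
    templates, assuming independent comparisons with per-comparison false
    acceptance rate `far`. Shows why 1:N search degrades as n grows."""
    return 1 - (1 - far) ** n


# Constructed sample data: bob's toy template happens to look like alice's
# at the matcher's resolution; carol's does not.
DB = {}
enroll(DB, "alice", {1, 2, 3, 4, 5, 6, 7, 8}, "correct horse")
enroll(DB, "bob", {1, 2, 3, 4, 5, 6, 7, 9}, "battery staple")
enroll(DB, "carol", range(20, 28), "hunter2")
PROBE_ALICE = frozenset({1, 2, 3, 4, 5, 6, 7, 11})  # noisy capture of alice's finger

if __name__ == "__main__":
    print("1:N search for alice's probe:", identify_1toN(DB, PROBE_ALICE))
    print("1:1 verify alice:", verify_1to1(DB, "alice", PROBE_ALICE, "correct horse"))
    for n in (1, 100, 10_000):
        print(f"P(false match) with FAR=0.001, n={n}: {false_match_probability(0.001, n):.4f}")
```

With the constructed data the 1:N search returns both alice and bob, so the fingerprint on its own cannot pick a user, while the 1:1 path only ever compares against the record the username selected and still requires the password. The growth of `false_match_probability` with `n` is the scaling problem the comment refers to.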

~~~
tectec
Palm prints were used at a nuclear facility I visited as an alternative to
fingerprints in step 2. After you scan your id card you scan your palm print
and the system verifies the palm matches the one that is registered with the
card. They are not as unique as fingerprints but it makes it much more
difficult to use someone else's card (or username).

------
kator
I have massive issues with the fingerprint systems like Apple Touch ID because
of my eczema. Sometimes I have to retrain as often as once a week. I'm not
alone with this problem; how exactly will these systems approach people with
very real challenges with fingerprints, missing eyes and other issues?

~~~
LeoPanthera
I'm not offering this as a solution, but Touch ID reads subdermal features and
therefore works on literally any exposed area of skin, not just your finger
tips. People have tested with MANY parts of the body. (Seriously.) Perhaps you
could use some other part of you to train the sensor?

------
oolongCat
If this replaces passwords, I am quitting this industry to raise chickens in a
cave.

~~~
dredmorbius
Stay out of my cave!

(It's the new "get off my lawn!")

------
cesarb
Several banks here in Brazil have fingerprint readers in their ATMs. This
makes at least two factors: what you have (the chip in your bank card, which
also identifies you to the ATM) and who you are (the stored fingerprint).
Depending on which operation you are doing, or on the amount of money
involved, the ATM can also ask for the third factor (what you know): one or
more of a numeric password, an alphabetic password (chosen from a group on the
screen, so shoulder surfing just once isn't enough), the first/last three
digits of your tax ID, your mother/father first name, and so on.

For phones, things aren't as advanced, though a bank manager told me that
fraud happens more often when online banking is used on the computer, not on
the phone. The phone is, in fact, often used as the second factor for online
banking in the computer.

~~~
plaguuuuuu
So now if you live in Brazil you have to worry about people chopping off your
fingers to take your cash.

------
matmann2001
So, when a bank leaks my fingerprint, I can just get a new one right?

~~~
LeoPanthera
I know you're joking, but you do have ten of them. They're all different.

------
peterbonney
Passwords are the worst form of authentication, except for every other form.

If you want to ALLOW me to authenticate with biometrics, fine. But please for
the love of security don't FORCE me to do it... And certainly don't make me
use it without a second (non-biometric) form of authentication!

------
shostack
What could possibly go wrong.

I wonder how many of these banks currently have low character limits on their
text passwords.

~~~
chrsstrm
What a strange coincidence, this seems related to two new hobbies of mine:

1. Collecting any high-quality selfie I find on the internet
2. Preserving the fingerprints of anyone I "meet"

_All in the name of art, of course_

I mean both of these things were left in the public domain, no one would mind
if I saved them...

------
FussyZeus
Is there such a thing as an insufficiently complex face?

Also what do you do if you're in a fire?

~~~
beamatronic
I can see it now. The workaround will be they will ask you to draw nonexistent
facial features with a Sharpie.

~~~
FussyZeus
"Ah shit, which curly mustache did I use for the Amex..."

- Me in the future

------
jnpatel
+1 to U2F:
[https://en.wikipedia.org/wiki/Universal_2nd_Factor](https://en.wikipedia.org/wiki/Universal_2nd_Factor)

~~~
foxylad
U2F is a good addition, but the current incarnations suffer from two issues.

First, most of us need access to our phones (no USB reader) and our computers
(no NFC). Yubikey have a combo device, but it costs $50.

Second, they cost way too much given that most of us probably need two or
three tokens in case we lose the primary one. $50 is fair enough for employees
of large banks, but until they cost under $5 I doubt they'll take off for
personal use.

If anyone knows of good value combined USB/NFC tokens, please enlighten all of
us.

------
sintaxi
I've been down this road so many times and I always end up at the same
conclusion. When you consider security, privacy, usability, and portability of
each authentication system there are only two that are really viable. SSH keys
OR Email/Password. Both of which have their flaws but have proven time and
time again to be better than any of the alternatives that have been introduced
over the years.

------
dasil003
The Intel commercial with Jim Parsons exhorting the armored car drive to get a
new, more secure laptop where "your face is your password" is definitely a
cringeworthy moment, not just because of its ignorance, but because of how
mainstream it is (plastered all over the NBA Finals).

------
dredmorbius
"Who are you?" is the most expensive question in information technology. No
matter how you get it wrong, you're fucked.

Passwords suck. But virtually everything else sucks far worse.

Biometrics, as many have already noted, 1) aren't passwords, 2) are usernames,
3) aren't universally present, 4) aren't immutable, 5) retain the problem of
_having to be stored as data_ to be verified, 6) aren't replaceable, and 7)
can still be stolen, copied, faked, or otherwise misrepresented. At the very
least. (Is there a "Myths programmers believe about biometric identifiers"
page yet, because there needs to be one?)

Attesting to identity is a long-lived problem, though one that's changed
through the ages _largely_ in the scale of _how many people it applies to_ and
in _what privileges are granted_ based on attested identity.

Absent some alternative of a _convenient_, _replaceable_, _inexpensive_,
_repudiable_, and _effective_ portable token of some sort, I don't think the
identification problem is ultimately solvable.

_Electronic data are fundamentally different from data-on-physical-media._
Electronic information tends, as Quinn Norton noted, to be deleted or public --
those are the only possible end-states.

(Arguably paper-based records do as well, though the ratio of deleted to
public is far higher.)

_Electronic information lacks mass, and the attributes of mass._ It has no,
or very, very little, inertia. It can be transmitted around the globe in a
fraction of a second. Multi-gigabyte, approaching _terabyte_ storage, is now
possible on fingernail-sized devices.

_Data transactions, unlike financial ones, aren't reversible._ It's possible
to reverse or undo a financial transaction. The seen cannot be unseen, the
heard cannot be unheard. Backing out data disclosures is not possible.

The World Wide Web was created as an _information distribution system_,
specifically for academics. It's been extended far past that, but the fit has
quite often been very, very poor.

There's a strong benefit to in-person physical transactions. There's a very
high locality cost: getting to, and being present in, a specific location will
cost you. Current rates are approximately $0.50 per mile traversed, plus other
considerations. Being present in multiple locations simultaneously (or even in
brief time) is exceptionally difficult to arrange. _Physical reality has high
attack costs._

Data presents low attack costs, and increasingly, highly appealing targets.

Devices, systems, users, administrators, vendors, and more, all exhibit
exceptionally poor practices.

As one comment on this thread states, "If this replaces passwords, I am
quitting this industry to raise chickens in a cave." To which I respond: stay
out of my cave.

Because I'm already there.

------
bane
Great, now you can't change the password without getting surgery.

~~~
curun1r
I know this was meant as a joke, but with Touch ID, you can have up to 10
different "passwords", or 11 if you're the bane of Inigo Montoya. You could
technically have ten more than that, but most people don't like having to
remove their shoes to log in.

It's still not as good as the nearly infinite number of potential passwords,
but it's not like there's only a single possible fingerprint for you to use.

