For a web system that is under attack 24/7 from 255^4 different attack vectors, you need "secure against even absurdly complex attacks" to be "secure."
But for my house? Your average thief isn't going to spend the time to take a high-res photo of my keys. Instead, they're just going to beat me until I give them my keys (the original "rubber-hose cryptography") or just take a crowbar to the door. It's just not worth it to use such a complex attack.
(Yes, I can see uses for being able to break in without giving away the fact of the break-in, and I'd be surprised if the CIA/NSA/etc. hadn't already used a similar technique, but for everyday life it's just a cool theoretical hack that would make a great plot point in a Neal Stephenson novel.)
Yes, they'll just bean you until you give the key.
You put an easy-to-open fake safe in a clandestine but still fairly obvious location (e.g., behind a picture frame). Sort of like a real-life honeypot.
You hook up a surveillance system pointing to the safe or maybe even inside the safe that triggers when the safe moves or opens. Maybe hide a GPS chip inside the safe (they are tiny these days).
Bam, you have a photo of the criminal, time of the crime, and you get alerted instantly and silently. Chances are you or the police can interfere in time or you'll have some sort of lead on the criminal since you know what they look like but they don't even know you're after them already.
When this burglar's photograph was taken, he thought he had effectively disabled the home's security system. But he is still able to commit new burglaries, as no one has been able to identify him so far.
"Stewart E. Pesheck, 42, of Minneapolis was arrested on June 9 during a traffic stop in Minneapolis."
It's still an interesting example of the futility of most security attempts. The story notes the earlier surveillance photos but doesn't mention how much they helped.
Furthermore, there's the small matter of proof. Even if you happen to see the person who robbed your house and you locate them a couple days later, it can be hard to prove that they were the criminal. A photo solves this problem nicely.
Anyway, this combined with the fact that in the city many buildings are apartments and not houses (and so you need to climb to get in) means that thieves don't steal large things often.
However, the one that broke into my parents' house searched a few areas in the bedroom and successfully found the hidden safe, and proceeded to break into it.
One could eventually get in, of course, but not in the timeframe of a typical burglary. Same problem with regard to moving it off-site.
Depending on the level of physical security surrounding the lock itself, this difference could be as extreme as the difference between knowing the password and having a great rainbow table. In the former case, you can log in as the owner without arousing any suspicion. In the latter case, you have to have some time when nobody is looking (download the hashed password database).
Pretty much anywhere with windows is vulnerable. Break window, reach through, unlock door. I think that's what those robbers did.
Of course, then they could chop your finger off.
But then, that lock allows for PIN code + finger... so after they've chopped your finger off, they still won't be able to get entry without the PIN code.
Or they could just beat you until you opened the door. Traditional methods are still the best.
Don't the fingerprint readers have "pulsox" (pulse and oxygen level) sensors in them, like those dinky devices they use in hospitals that just clip on your finger?
Threatening to chop their finger off would get most people to open most doors I imagine.
I'd just like to point out both that I forget things sometimes and other people are new to stuff all the time.
So, while it might not be NEWS - it is always good to keep stuff conscious.
As an example, I was actively training in lock sport some years ago - but haven't done anything in a long time (though I still lie to myself and believe I am into it) - but honestly have never thought of using a secret hidden webcam-sized CMOS to zoom in on a lock waiting for the key to arrive.
Fuck, that is actually brilliant.
Now - instead of anything - I need to worry about a secret camera pointed at a keypad (rather than lock).
I ONLY use the keypad to enter my apt building.
At my, now previous, office - I have used the keypad to code entry to the door for 10 years.
I was caught by some anon who lived in the building and she interrogated me as to who I worked for, why I used the code, why not a key etc...
She stated "someone could see you entering that code!" - I replied "I'd see them close to me!" - obviously though I am wrong now.
I thought she was a crazy bitch - but thinking of this, now not so much.
In fact - a small device with a cam and a 3G card with periodic pic uploads is perfect and can be built for cheap if not on the market.
Even my new office has keycode access, where when I went for the interview (over by pixar) I found myself trying to spy on workers of the building entering their codes as they returned from lunch...
You know what would be an interesting defeat of such attacks: in addition to the keycode, you have a timing around the entry, i.e. first keypress, wait 2 seconds, second, wait 1, third, wait 4....
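The timing idea in the comment above, sketched as an added example that is not part of the original thread: the keypad accepts an entry only when both the code and the pauses between keypresses match what was enrolled. The code `4917`, the salt, the tolerance and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

SALT = b"constructed-demo-salt"  # constructed value for this example


def pin_digest(pin: str) -> bytes:
    """Derive a stored verifier so the keypad never keeps the raw code."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), SALT, 100_000)


# Hypothetical enrolment: code 4-9-1-7 with pauses of 2 s, 1 s and 4 s,
# the rhythm described in the comment above.
ENROLLED_DIGEST = pin_digest("4917")
ENROLLED_GAPS = [2.0, 1.0, 4.0]
TOLERANCE = 0.6  # seconds of slack per pause; assumed, tune per deployment


def verify_entry(events, digest=ENROLLED_DIGEST, gaps=ENROLLED_GAPS,
                 tolerance=TOLERANCE) -> bool:
    """events: list of (timestamp_seconds, key) in press order."""
    keys = "".join(k for _, k in events)
    times = [t for t, _ in events]
    observed = [b - a for a, b in zip(times, times[1:])]

    code_ok = hmac.compare_digest(pin_digest(keys), digest)
    # Evaluate the rhythm even when the code is wrong, so a failure does
    # not reveal which factor was rejected.
    rhythm_ok = len(observed) == len(gaps) and all(
        abs(o - g) <= tolerance for o, g in zip(observed, gaps)
    )
    return code_ok and rhythm_ok


# Constructed sample entries (timestamps in seconds).
OWNER = [(0.0, "4"), (2.1, "9"), (3.0, "1"), (7.2, "7")]
OBSERVER = [(0.0, "4"), (0.4, "9"), (0.8, "1"), (1.2, "7")]  # right code, no rhythm
WRONG_CODE = [(0.0, "4"), (2.0, "9"), (3.0, "1"), (7.0, "8")]

if __name__ == "__main__":
    for name, entry in [("owner", OWNER), ("observer", OBSERVER),
                        ("wrong code", WRONG_CODE)]:
        print(name, verify_entry(entry))
```

A video recording captures the pauses as well as the digits, so the rhythm only raises the bar against someone who noted the digits alone.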
The most I've ever seen used on cheap commercial doors/residential is a pick gun, but 99% of the time it's a boot, ram, pry bar, etc.
They do call in locksmiths to open safes, etc. afterward, to get evidence.
Anyhow, I guess your point is still valid. Someone wanting to get in and out of your house without leaving a trace could use some other means not necessarily involving the door, though most of the time they would risk looking suspicious to potential witnesses.
I think that the certified (EU norms) locks are tested so that they provide something like at least 5 minutes resistance against the best known non-destructive attacks.
This is information I'd want my sister to be aware of, as I can easily see how I'd use it to hypothetically abuse someone.