Forget CISPA and such, I'd say that initiatives like this are the biggest threat to internet freedom and anonymity.
Unless burner phones become available that support FIDO protocols and that can be purchased for cash, this idea will make "Login with Facebook" seem like child's play by comparison.
In what way do they suck, in which cases? Do they really need to stop being used?
I'm not just being pedantic. I just haven't had any problems with the concept of passwords as a security measure. Many implementations are flawed, but that is a different manner.
Using Smart-cards for authentication is a great idea. The problem of this is that you could be forced to have a unified identity across all accounts. This has potential privacy and blacklisting implications.
David Chaum knew this all in 1980 and proposed a great solution: Allow each user to keep a database of pseudonymous identifiers such that one is associated with each organization will be automatically presented when needing to authenticate.
Edit: It should also be noted that if you use multiple pseudoanymous identities no PKI is necessary which solves a major MITM and infrastructure problem. You simply link a public key to your paypal/gmail/whatever account upon creation. Only paypal/gmail/ needs to know about that mapping.
I might be too late to jump in here, but here are my thoughts on TwoFactor authentication using "unique"* biometrics.
If I scan my fingerprint in to authenticate or scan my retina, on a device that knows my physical location, that is a more literal check-in than anything that exists today. Essentially a check-in would have near absolute certainty that the actual person authenticating was at that place at that time.
That's scary to me; one may have a GPS on their phone today, but that's the phones identity, not the owners. If one signs ones credit cards with a thumb print or a retina scan, one is proving beyond any shadow of a doubt that one was present at that place at that time.
This may or may not be something one wants and one should be conscious of the realities of biometric authentication.
*Just because no one has presented a copy of a retina that can pass a retina scan does not mean one does not exist.
If it's a custom made stick, and not just some dumb mass-storage, it could do the crypto authentication in the stick itself, without ever copying the private key to the main device. It's basically how smartcards work.
When I was at IronKey, we had the same sort of idea -- add security via two factor authentication. That second factor? A physical token, in this case a USB drive w/ on board crypto chip (think USB drive as a smartcard).
That pretty much went not too far.
Anything that requires you to carry an additional device is doomed to failure.
If they do this in an open way, it will be one of the best changes for the Internet in a long time. If it is done I. A closed way, a great force for evil. Devil is in the details for sure.
Something g which lets users delegate their security to some kind of sent, and then authenticate to it with various challenges (including biometrics), and allows a cooperative s unity policy between users and administrators (where each action has a different risk profile, so sending money to a pre approved account is low auth required vs something like changing your auth credentials...) is the solution. Not sure if this is it.
There are a certain class of biometrics called "Revocable biometrics." You combine the biometric data with a password, and you can revoke it by merely forgetting a password.
As I understand it, no. It's reduced to a token and all network authentication is done by the token. The token may ask you to authenticate yourself to it via biometric or password, depending on how much security you want. Assuming the token stays in your possession, there would be little need to change the secondary authentication.
Again, I have nothing to do with this project, just my interpretation of how it works.
The so-called "Internet of things" adds another wrinkle. Barrett talked about
development of refrigerators that can sense what food is inside them and
automatically order replacement groceries. Perhaps such technology will be
commonplace in a few years—and your refrigerator will need a way to pay for food.
"It begs the question, do you really want your refrigerator to know your PayPal
password?" Barrett said. "Unless we can solve that problem, life is not going to
be good."
This is a problem that has already been solved. You create an authentication system that supports different privilege levels. You create a secret key for your fridge on a secure device (after authentication with your password). You then transfer this custom-made secret key to your fridge which gives it the privilege to spend no more than X amount on groceries to a small list of trusted vendors.
The biometric solution discussed in the article doesn't even solve this problem. Do you really want your fridge to store your fingerprint or retina data?
The part I have a hard time understanding: even if you register your phone as a trusted device and scan your fingerprint on your phone to log in to paypal, all your phone is doing is sending a secret key to paypal's servers (where's it's presumably hashed and stored).
How does that solve the problems the article identifies?
"Left to their devices users will pick horrible passwords and then they'll
reuse them all over the place," Barrett said.
Various data breaches have exposed millions of user IDs and passwords.
While passwords are typically exposed in an obscured or "hashed" form,
increasingly powerful processors and password cracking programs allow
even novice hackers to convert them into plain text
Biometrics forces you to use the same secrets to authenticate yourself with every service, and if weak security allows an attacker to reveal the "plaintext" equivalent of your fingerprint or retina scan, you're fucked.
Any system that's used to increase the security, entropy or uniqueness of your biometrics for each site you register with could equally be used to protect a single, strong master password instead. At least you could change that if it somehow got hacked.
Why would you want your phone to be the key to your most secure data?
Also from what I've seen in the past most finger print scanning and cheap, "organic" identity verification tech is not reliable and easily circumvented.
Despite not being perfect, basic password authenication (or even better- pass-phrase) is a security mechanism that's easily understood, easy to implement and can be pretty secure.
(Although still possible to do badly/incorrectly as we keep seeing).
I want a widely adopted standard for 2 factor authentication. You are not sending your fingerprint to companies, you are sending a key generated by your hardware from your fingerprint.
Not just that, but in lesser-developed countries biometric identification can be dangerous. If you get mugged for your ATM card, you can tell them your PIN and they'll let you go, free to repeatedly use your card until you freeze it. But if you need a fingerprint to authenticate, they're going to let you go too, and maybe with one less finger.
Not really a concern in America, but in other places like Mexico, Latin America, India, Asia...
Modern fingerprint readers check for temperature and pulse[1]. That doesn't undo the actions of a determined, but ignorant, criminal that saw such a gruesome technique to bypass readers in a movie.
You are forgetting that it only works for your finger sensor.
2FA: your specific finger sensor's token + some key your sensor generates from your fingerprint
India's uID project has the biometrics and identity information of over 327 million civilians. This means they've reached about a third of their goal of creating a nation-wide identity and biometrics database.
Rumor has it that if someone gets offended at a post you wrote online and reports you, PayPal will freeze all of your online accounts in one fell swoop.
Unless burner phones become available that support FIDO protocols and that can be purchased for cash, this idea will make "Login with Facebook" seem like child's play by comparison.