Firewall Wizards mailing list archives
Re: Biometrics (was Re: Username password VS hardware token plus PIN)
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Thu, 14 Apr 2005 21:51:34 -0400
Adam Shostack wrote:
> Generally, that's true, but as a layer in a well thought out system, they may be helpful. (Eg, the guard watches you put your head up to the retina scanner before he lets you in to maintain the shiny weapons.)
If you have actual guards, make the guard's job to verify identities and know who they are dealing with. I.e.: a book of names and photos is sufficient. If you want extra credit and are worried about "mission impossible" style masks, have the guard tug each person's nose and ears really hard. In the case where you have a human guard in the system, the human guard will generally (assuming it's not a $7/hr idiot) so dramatically out-perform a computer system that you may as well omit the computer system entirely.

"Private Bob: these are the scientists that have access to this lab. Get to know them well. If you see anyone in the lab who doesn't belong; shoot them. Scientists: this is Private Bob. He's a US Marine and he'll shoot anyone he doesn't recognize. So I suggest that if you are planning on changing your hair style or anything, it's in your best interest to discuss it with Bob beforehand. Carry on."

As in so many other places we want to over-rely on technology when we really have no justification to do so. Several people have used the words "cost, benefit, analysis" in this thread but we as an industry really don't understand how to think clearly about where technology is valuable and where it isn't.

mjr.