Firewall Wizards mailing list archives
Re: Biometrics (was Re: Username password VS hardware token plus PIN)
From: Kevin <kkadow () gmail com>
Date: Fri, 15 Apr 2005 03:41:32 -0500
On 4/14/05, Marcus J. Ranum <mjr () ranum com> wrote:
> Paul D. Robertson wrote:
> > I don't think a wrist is that much more trouble than a finger to a machete
>
> I know you're just being funny, but this all misses an important point: against an opponent that is willing to physically attack, threaten, or torture you ALL authentication systems are worthless. Especially if you assume a level of indirection can be added (I.e.: "log me into the system or your child dies.")
There are relatively simple safeguards that can be added on to most systems to address this. For example, many ATM systems (and also the SecurID hardware token product) support what are called "duress PINs". Basically, enter your PIN backwards, and the system still grants you access, but also sets off a silent alarm. This of course lends itself to "Get Smart" style mind games -- If your PIN is 1234 (the kind of combination an Idiot would have on his luggage), do you tell the attacker your PIN is 4321, but then he guesses you gave him the duress PIN, so maybe you give him your real PIN and he reverses it himself (and so on).

Kevin Kadow
--
Unofficial SecurID User's group: http://groups.yahoo.com/group/securid-users/
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
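The reversed-PIN duress check described in the message above, as an added example that is not part of the original post and is not SecurID's or any ATM vendor's code. The function names, the PBKDF2 storage and the rule rejecting palindromic PINs (which have no distinct reversed form) are assumptions of this example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

ITERATIONS = 100_000  # assumed work factor, not taken from any product


def _digest(pin: str, salt: bytes) -> bytes:
    """Salted, stretched digest so the PIN itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)


@dataclass
class PinRecord:
    salt: bytes
    normal: bytes   # digest of the PIN as chosen
    duress: bytes   # digest of the PIN reversed


def enroll(pin: str) -> PinRecord:
    """Store digests of the PIN and of its reversal (the duress PIN)."""
    if not pin.isdigit():
        raise ValueError("PIN must be numeric")
    if pin == pin[::-1]:
        # 1221 or 7777 reversed is the same PIN: there would be no way to
        # signal duress, so refuse such PINs at enrollment.
        raise ValueError("palindromic PIN has no distinct duress form")
    salt = os.urandom(16)
    return PinRecord(salt, _digest(pin, salt), _digest(pin[::-1], salt))


def verify(record: PinRecord, entered: str) -> tuple[bool, bool]:
    """Return (access_granted, silent_alarm) for an entered PIN."""
    d = _digest(entered, record.salt)
    # Both comparisons always run, so response time does not show which
    # of the two stored values matched.
    is_normal = hmac.compare_digest(d, record.normal)
    is_duress = hmac.compare_digest(d, record.duress)
    # Access is granted in both cases; only the alarm flag differs, and the
    # caller must keep that flag out of anything shown at the terminal.
    return (is_normal or is_duress, is_duress)
```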