by consp 3778 days ago
I have to comment on Touch ID: Biometrics are in no way an authoritative option for the simple fact that they cannot be replaced. You can identify the user with it, sure. But you should never use them to authorize anything because if stolen or compromised, the user cannot change it. While you might say the scanner + data storage is secure, this is just temporal and can change over time. As revocation of the biometrics is identical to revoking the user, this is to be avoided for authorizing transactions.

You can, however, identify the user with something like biometrics, and afterwards request an authorization of the transaction with something else (possession of key (good), +PIN (better), or easiest a simple 'yes' (less than good)).
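The two-stage flow described in the comment (identify with a biometric, then authorize with a replaceable factor), as an added Python sketch that is not part of the comment or of any real Touch ID implementation; the template bytes, keys and PIN are constructed sample values, and `approve`, `revoke_and_reissue` and `revoke_biometric` are hypothetical names.

```python
"""Identification via biometric; authorization via a replaceable key + PIN."""
import hashlib
import hmac
import secrets

# Constructed sample data: a fixed byte string stands in for the sensor's
# enrolled template. The user cannot change it, so it only identifies.
USERS = {"alice": b"constructed-template-for-alice"}

# Replaceable authorization factors. A possession key can be revoked and
# reissued at any time without touching the user's identity.
auth_keys = {"alice": b"constructed-initial-key-for-alice-32b"}
pin_hashes = {"alice": hashlib.sha256(b"1234").digest()}
revoked_keys = set()


def identify(template):
    """Stage 1: map a presented template to a user, or None."""
    for user, stored in USERS.items():
        if hmac.compare_digest(stored, template):
            return user
    return None


def approve(user, transaction, key, pin):
    """Stage 2: authorize one transaction with possession key + PIN.
    Returns an HMAC tag binding the key to the transaction, or None."""
    if user not in auth_keys or key in revoked_keys:
        return None
    if not hmac.compare_digest(auth_keys[user], key):
        return None
    if not hmac.compare_digest(pin_hashes[user], hashlib.sha256(pin).digest()):
        return None
    return hmac.new(key, transaction, hashlib.sha256).hexdigest()


def revoke_and_reissue(user):
    """Compromised key: retire it and hand out a fresh one. Identity survives."""
    revoked_keys.add(auth_keys[user])
    auth_keys[user] = secrets.token_bytes(32)
    return auth_keys[user]


def revoke_biometric(user):
    """Compromised template: the only option is to drop the user entirely."""
    USERS.pop(user, None)
    auth_keys.pop(user, None)
```

Running the test below shows that rotating the key leaves `identify` working, while revoking the template removes the user altogether.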