by dvdhnt
3465 days ago
> 1. Digital authentication for purchasing is moving towards non-transferable biometrics (I can't divulge my thumbprint like I can my PIN)

It's an interesting topic, as we've seen in recent news coverage that authorities can compel the accused to provide a thumbprint to give investigators access. While this may be in accordance with something like password authentication, I'm still concerned about the ramifications. For example, what if authorities compel accused individuals to store their thumbprint rather than use it directly? Is that possible? And how will it be protected?

We had a business problem several years ago where a population of users who didn't need individual access control needed controlled access to a system based on where they were and if they were assigned a specific task.
The solution was an RSA token mapped to a device-specific user account. The single auth factor was the rotating code.
The upside of this is that we got to control access to a system potentially available to the public in an environment with high turnover and other operational challenges. The downside is that whoever possessed the token (picture an old-style bathroom key tied to a big stick) could access the system.
Your thumb is that token. If you need more identity assurance, you need more factors or a protected secret. iPhone offers the latter. If your opponent is someone with subpoena power, you need to think about what and why you're doing stuff on your phone.