When your password leaks:→ Change your password→ Problem solved
-
@jfml @capitainesam I would hope that your phone takes a "fingerprint" of your fingerprint, i.e. enough to verify but not reconstruct.
@ill_logic @jfml @capitainesam every proper implementation hashes the fingerprint, just like you don't store clear text passwords in the shadow file...
The question is, is this a proper implementation on phones...
-
When your password leaks:
→ Change your password
→ Problem solvedWhen your biometric data leaks:
→ You can't change your face
→ You can't change your fingerprints
→ The compromise is permanent
→ Your biometric data is in breach databases foreverThis is why facial recognition for age verification is dangerous.
@capitainesam I don't think it's true.
If I compare to SSH keys. My face is the password of my private key.
Generating another private key with the same password is still possible and it's a different key. -
When your password leaks:
→ Change your password
→ Problem solvedWhen your biometric data leaks:
→ You can't change your face
→ You can't change your fingerprints
→ The compromise is permanent
→ Your biometric data is in breach databases foreverThis is why facial recognition for age verification is dangerous.
@capitainesam the ultimate argument against the stupidity of moving away from just using passwords. All this biometric stuff can go take a leap. I'll never use any of it.
-
Subscription model = we serve users, not advertisers.
No ads = no need for behavioral tracking
No tracking = no biometric data to "verify" you
No biometric data = nothing permanent to breachSimple.
Won't the law require you to to biometric ID?
-
@capitainesam So maybe you combine biometrics with password/passkey?
One of the foundational stories of cyberpunk illustrated a defense against biometrics fraud. The hackers targeted a victim that used fingerprint login. They managed to get a copy of the victim's fingerprint and used it.
Then the victim's security system kicked in - because the victim always deliberately *failed* the first finger login and used their *second* finger login...
@dancingtreefrog @capitainesam GrapheneOS supports a pin as second factor for biometrics
-
@vrek @capitainesam I seem to recall that it was William Gibson's Neuromancer; the incident that lead to the main character's nervous system being crippled by the Russian mafia. But it's been awhile since I read it, I could be mistaken.
@dancingtreefrog @vrek @capitainesam I think you're describing Orson Scott Card's "Dogwalker," which involves intuiting a password but failing to realize that the target always miskeyed the first time until too late.
"Neuromancer" does have a character who is neurologically crippled by their employer (with a "wartime Russian mycotoxin"). ("He'd made the classic mistake, the one he'd sworn he'd never make. He stole from his employers.")
-
@capitainesam Don't use biometrics to unlock phones. Police and criminals can grab your hand or aim the phone at your face to unlock your phone regardless of your wishes. They have to ask you for password/PIN; they don't have to ask to simply stick your finger on the phone screen or point the phone at your face.
@dancingtreefrog Easier said than done for most people. Biometric unlock of phones is *so* much more convenient than passcodes that most people would not give it up.
For most, I think knowing the gesture to force passcode entry for the next unlock is probably a more practical skill to practice (on iPhones, you hold the Lock and Volume Up buttons together until you feel a haptic buzz).
-
P Seth of the Fediverse shared this topic
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register LoginWelcome To Podcasting.Chat!
This forum is for podcasters, podcast guests, and podcast enthusiasts alike to share tips, tricks, and their love of the medium.
This forum is fully federated, so you are able to contribute to any discussion here through your own software of choice (e.g. Mastodon, Misskey, Lemmy, Piefed, etc.). So you can sign up for an account here and it federates around the Fediverse. You can also follow feeds and topics from your other Fedi-enabled accounts.
Recent Posts
-
Pinterest still hasnt solved its AI problem - Mashable https://mashable.com/article/pinterest-ai-slop-moderation
-
Georgia says Elon Musk’s America PAC violated election law - The Verge (Terrence O’Brien) https://www.theverge.com/tech/882838/georgia-elon-musk-america-pac-voter-fraud
-
Google resolves glitch serving ads to YouTube Music Premium users - Mashable https://mashable.com/article/youtube-music-premium-ad-glitch
-
Playing with [harborFM](https://github.com/LoganRickert/HarborFM) today. Pretty interesting, a bit like Castopod with different features and no activity pub. It supports various Pod2.0 features which is great and allows for recording in the platform with webrtc.
