Why biometrics suck, the Office of Personnel Management edition


Somehow this seems appropriate.


Lawmakers, too, were upset about the latest revelation. “OPM keeps getting it wrong,” said Rep. Jason Chaffetz (R-Utah). “I have zero confidence in OPM’s competence and ability to manage this crisis.”

Nice to see a Utah politician calling out bad gov.


The real threat is the recognizing of persons with a US security clearance. Take fingerprints at the border (we’re talking about a nation state adversary here) and compare them to the OPM DB. When the names don’t match with the passport you most likely found a spook.


I dunno why as it has been shown many times to easily be exploitable. I like my workplace solution, ID card + PIN to access the network. If we could get a trustable real 2 factor service that would be awesome. Something like USB dongle+passphrase as long as you don’t end up having one for each service anyway.

Hopefully there is some poetic justice - people involved in stealing other people’s records get their records stolen.


Biometrics are things that you can’t recall, can’t change, and that, by definition, are not secret. Authentication tokens are things that you can change, recall and keep secret.

That’s an extremely wrongheaded thing to say.

Ranting against biometrics while ignoring the problems posed by authentication tokens is not just intellectually dishonest, it’s bad security. Authentication tokens can get lost or forgotten. Whether it’s a password or a key, you have to devote significant amounts of security overhead to maintaining a system that allows you to change or replace them as needed. Simple tokens compromise your security, but complicated ones degrade user convenience, and in real world situations, users always choose convenience over security. In contrast, biometrics are always complicated, usually very convenient, and cannot be lost or forgotten because they are always with you.

Each and every security model has its trade-offs, things it does well and things it sucks at. That’s why organizations that care deeply about security use multiple factor authentication, so each method can help shore up the defects of the other. But for ordinary day to day security, people are going to use a single factor, and right now, biometrics is trending for ordinary security because its downsides are seen as less severe in many common situations than the downsides of the alternatives.


But the big downside for storing biometric material incorrectly is catastrophic. This is closer to storing unrevocable keys in plain text (actually it is precisely that).

A bcrypt of important parts of the bio markers hashed with a PIN? Sure. A photo of my finger? No.


Nelson is laughing because he has no fingerprints.


Remember that police can compel you to use your fingerprints to unlock a computer, but not to give up a password/PIN.


I wouldn’t say that biometrics suck so much as misusing them sucks. They are inappropriate for any application where a “man in the middle” attack is possible.

Fingerprints? Try facial recognition software. I have no idea how the CIA handles this, and it’s probably classified.


Yeah, the real problem here is the persistent idea that fingerprints alone are a secure proof of identity just because they happen to be unique. At least with a regular password people can be forced to change them and don’t spend literally their entire life compulsively writing it down.


But the hacker(s) already own a verified fingerprint DB - building, cross-checking and verifying a new data source is much harder.


That’s not a threat - that’s a feature! 😃

We need more such leaked databases. Please include also China, Russia, UK, and Israel, inter alia. And don’t stop there.



It’s not a new data source at this point. They’ve been burning intel officers with it for a while now, most likely. If frikken Facebook has the technology, the various intelligence agencies have probably had a decent analogue for twice as long. Fingerprinting at borders is actually not that common, and a lot of biometric schemes actually don’t memorize your fingerprint anyway, but instead use the fingerprint to generate a hash that can only be regenerated with your fingerprint. So stealing the hashes doesn’t give you sufficient information to regenerate the fingerprint.

What about bruteforcing the hash to generate a matching fingerprint? It does not have to be identical to the source, it has only to match enough to get you through.

True, but changing the fingerprint hash generation schema will make that data useless. Of course it doesn’t change the fact that fingerprints are incredibly insecure.
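
As an added illustration of the template-hashing idea discussed in the posts above (not part of the thread and not any vendor's scheme): a BioHashing-style transform that projects a feature vector onto seeded random directions and keeps only the signs, so a noisy re-read still lands within a Hamming threshold while a template re-issued under a new seed no longer matches the stolen one. The feature vectors, seeds, bit length and threshold are constructed assumptions; real fingerprint features are not this simple.

```python
import random

BITS = 128       # template length in bits (assumption)
THRESHOLD = 25   # max differing bits still accepted as a match (assumption)

def biohash(features, seed, bits=BITS):
    """Project features onto seeded random directions; keep only the sign bits."""
    rng = random.Random(seed)
    template = []
    for _ in range(bits):
        direction = [rng.gauss(0.0, 1.0) for _ in features]
        dot = sum(f * d for f, d in zip(features, direction))
        template.append(1 if dot > 0 else 0)
    return template

def distance(a, b):
    """Hamming distance between two equal-length bit templates."""
    return sum(x != y for x, y in zip(a, b))

def verify(stored, probe_features, seed):
    """Accept when the probe's template is 'close enough', not identical."""
    probe = biohash(probe_features, seed, len(stored))
    return distance(stored, probe) <= THRESHOLD

def constructed_finger(rng, dims=32):
    """Constructed stand-in for an extracted feature vector (not real data)."""
    return [rng.uniform(-1.0, 1.0) for _ in range(dims)]

def noisy_read(features, rng, sigma=0.05):
    """Simulate sensor noise on a second scan of the same finger."""
    return [f + rng.gauss(0.0, sigma) for f in features]

def demo():
    rng = random.Random(2015)
    alice = constructed_finger(rng)
    other = constructed_finger(rng)
    old_seed, new_seed = 1, 2            # per-user transform seeds (constructed)
    stolen = biohash(alice, old_seed)    # template as stored before the leak
    reissued = biohash(alice, new_seed)  # same finger after the scheme change
    gap = distance(stolen, reissued)
    return {
        "genuine_reread_accepted": verify(stolen, noisy_read(alice, rng), old_seed),
        "other_finger_accepted": verify(stolen, other, old_seed),
        "stolen_vs_reissued_bits": gap,
        "stolen_template_still_valid": gap <= THRESHOLD,
    }

if __name__ == "__main__":
    print(demo())
```

Re-seeding only retires the stored template; the finger itself is unchanged, so the scheme protects the database record and not the biometric.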


As fingerprints increasingly replace passwords as a day-to-day security measure for unlocking your iPhone or even your home, security experts have grown concerned about how hackers might leverage them.

An important difference is that Apple doesn’t store the fingerprint info in a central database.