Why biometrics suck, the Office of Personnel Management edition

Lawmakers, too, were upset about the latest revelation. “OPM keeps getting it wrong,” said Rep. Jason Chaffetz (R-Utah). " I have zero confidence in OPM’s competence and ability to manage this crisis."

Nice to see a Utah politician calling out bad gov.

3 Likes

The real threat is the recognizing of persons with a US security clearence. Take fingerprints at the border (we’re talking about a nation state adversary here) and compare them to the OPM DB. When the names don’t match with the passport you most likely found a spook.

9 Likes

I dunno why as it has been shown many time to easily be exploitable. I like my workplace solution, ID card + PIN to access the network. If we could get a trustable real 2 factor service that would be awesome. Some thing like USB dongle+passphrase as long as you don’t end up having one for each service anyway.

Hopefully there is some poetic justice - people involved in stealing other peoples records get their records stolen.

6 Likes

Biometrics are things that you can’t recall, can’t change, and that, by
definition, are not secret. Authentication tokens are things that you
can change, recall and keep secret.

That’s an extremely wrongheaded thing to say.

Ranting against biometrics while ignoring the problems posed by authentication tokens is not just intellectually dishonest, it’s bad security. Authentication tokens can get lost or forgotten. Whether it’s a password or a key, you have to devote significant amounts of security overhead to maintaining a system that allows you to change or replace them as needed. Simple tokens compromise your security, but complicated ones degrade user convenience, and in real world situations, users always choose convenience over security. In contrast, biometrics are always complicated, usually very convenient, and cannot be lost or forgotten because they are always with you.

Each and every security model has its trade offs, things it does well and things it sucks at. That’s why organizations that care deeply about security use multiple factor authentication, so each method can help shore up the defects of the other. But for ordinary day to day security, people are going to use a single factor, and right now, biometrics is trending for ordinary security because its downsides are seen as less severe in many common situations than the downsides of the alternatives.

1 Like

But the big downside for storing biometric material incorrectly is catastrophic. This is closer to storing unrevocable keys in plain text (actually it is precisely that).

A bcrypt of important parts of the bio markers hashed with a PIN? Sure. A photo of my finger? No.

5 Likes

Nelson is laughing because he has no fingerprints.

4 Likes

Remember that police can compel you to use your fingerprints to unlock a computer, but not to give up a password/PIN.

1 Like

I wouldn’t say that biometrics suck so much as misusing them sucks. They are inappropriate for any application where a “man in the middle” attack is possible.

Fingerprints? Try Facial recognition software. I have no idea how the CIA handles this, and it’s probably classified.

1 Like

Yeah, the real problem here is the persistent idea that fingerprints alone are a secure proof of identity just because they happen to be unique. At least with a regular password people can be forced to change them and don’t spend literally their entire life compulsively writing it down.

2 Likes

But the hacker(s) already own a verified fingerprint DB - building, cross-checking and verifying a new data source is much harder.

1 Like

That’s not a threat - that’s a feature! :smiley:

We need more such leaked databases. Please include also China, Russia, UK, and Israel, inter alia. And don’t stop there.

1 Like

5 Likes

It’s not a new data source at this point. They’ve been burning intel officers with it for a while now, most likely. If frikken Facebook has the technology, the various intelligence agencies have probably had a decent analogue for twice as long. Fingerprinting at borders is actually not that common, and a lot of biometric schemes actually don’t memorize your fingerprint anyway, but instead use the fingerprint to generate a hash that can only be regenerated with your fingerprint. So stealing the hashes doesn’t give you sufficient information to regenerate the fingerprint.

What about bruteforcing the hash to generate a matching fingerprint? It does not have to be identical to the source, it has only to match enough to get you through.

True, but changing the fingerprint hash generation schema will make that data useless. Of course it doesn’t change the fact that fingerprints are incredibly insecure.

3 Likes

As fingerprints increasingly replace passwords as a day-to-day security measure for unlocking your iPhone or even your home, security experts have grown concerned about how hackers might leverage them.

An important difference is that Apple doesn’t store the fingerprint info in a central database.

Hello,

Many nations collect biometric data such as fingerprints as part of their national ID system, as well when going through immigration. I would imagine this get used during internal travel as well in some countries.

China The nation that made a copy of the data¹ may be able to integrate it with their existing fingerprint capture and recognition systems not just to detect US government employees attempting to enter their country under false pretenses (i.e., as a businessperson, tourist, student, part of a cultural exchange, et cetera), but possibly even their own citizens or residents from other countries that may be in the employ of the US.

And, of course, China the nation that copied the biometric data may also share it with allied nations so that they may do the same, as well.

So, there are some immediate security risks associated with the biometric data being used for identification, as opposed to be using for authentication purposes as a part of compromising federal computer systems.

I would be unsurprised if the intelligence community was working on medical methods of altering fingerprints, palm prints, retinas and the like for the purpose of deceiving biometric sensors.


¹I think BoingBoing has established that they do not believe digital information can be stolen.

2 Likes

This topic was automatically closed after 5 days. New replies are no longer allowed.