Shostack + Friends Blog Archive


You can’t change your fingerprint

[Image: fingerprint.jpg]

One of the most useful things you can do to protect your passwords is to change them regularly. This bounds the effect of many attacks that obtain your password, whether by cracking techniques or by your mistakenly entering it in the wrong place. After you’ve changed your password, the old one doesn’t do the attacker any good. This doesn’t help if you’re worried about spyware or a compromised server sharing your current password, but it does help in many cases, and is the origin of many password change policies.

However, in cases where your finger is used to identify or authenticate you, your “password” is much harder to change. To date, we haven’t seen open market sales of biometric information captured by private sector companies like Disney or Seaworld, but Bob Sullivan identifies a case where a Disney “contractor [was] caught trying to sell Disney data:” [link to http://redtape.msnbc.com/2007/07/employee-caught.html no longer works]

An employee who works for the company that processes Disney Movie Club transactions was caught trying to sell customer credit card information, Disney told its customers this week. The story echoes an incident revealed by Fidelity National Information Services earlier this month.

Now, we know about this because it was credit card data. If it was your fingerprints, you’d be entirely out of luck, and you wouldn’t even know it.

Photo: PartyPig’s password, on Flickr. I think he has a different title.

6 comments on "You can’t change your fingerprint"

  • Chris says:

    You’d be SOL in most states. In Florida, you’d be SOL unless unauthorized and fraudulent use occurred. In Nebraska, North Carolina, and Wisconsin, personal information includes biometric data (as I read the Perkins Coie chart).
    http://www.digestiblelaw.com/64/s1088/news/www.perkinscoie.com/statebreachchart/chart.pdf

  • Frederick Wamsley says:

    Your password identifies you because it is secret. Your fingerprint identifies you because it’s permanently attached to your body. Your fingerprint doesn’t have to be kept secret, but unlike a password it does need to be entered through a trustworthy path.
    A useful biometric system would require a live finger and wouldn’t be spoofable with a copy of someone’s fingerprint. Real systems have often been spoofable, but that’s a bug and not a feature.
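
The two points made in the post and in Frederick’s comment (a password can be rotated, so a captured copy expires; a fingerprint cannot, so a reading must come through a trustworthy path) can be shown in code. The example below is added here and is not from the blog, its commenters, or any real product. The class names are hypothetical; an HMAC under a shared device key stands in for a sensor’s signing key, exact byte comparison stands in for a real fuzzy matcher, and the template value is constructed.

```python
import hashlib
import hmac
import os
import secrets

# Constructed demonstration (not from the blog): a rotatable secret versus a
# non-secret, non-rotatable identifier that must be bound to a fresh capture.


class PasswordStore:
    """Password check: the secret can be replaced, so a leaked old password
    stops working after rotation (hypothetical class)."""

    def __init__(self):
        self._salt = os.urandom(16)
        self._hash = None

    def set_password(self, pw):
        self._salt = os.urandom(16)
        self._hash = hashlib.pbkdf2_hmac("sha256", pw.encode(), self._salt, 100_000)

    def verify(self, pw):
        if self._hash is None:
            return False
        cand = hashlib.pbkdf2_hmac("sha256", pw.encode(), self._salt, 100_000)
        return hmac.compare_digest(cand, self._hash)


class TrustedSensor:
    """Stand-in for a sensor with a device key: each capture is tagged together
    with the verifier's fresh nonce, so a stored copy of the template cannot be
    presented as a new reading (hypothetical; HMAC replaces a real signature)."""

    def __init__(self, device_key):
        self._key = device_key

    def capture(self, template, nonce):
        tag = hmac.new(self._key, nonce + template, hashlib.sha256).digest()
        return {"template": template, "nonce": nonce, "tag": tag}


class BiometricVerifier:
    """Accepts a reading only if it is bound to the challenge just issued and
    carries a valid tag from the trusted sensor (hypothetical class)."""

    def __init__(self, device_key, enrolled_template):
        self._key = device_key
        self._enrolled = enrolled_template
        self._used_nonces = set()

    def new_challenge(self):
        return secrets.token_bytes(16)

    def verify(self, reading, expected_nonce):
        # Reject readings not bound to the current challenge, and any reuse.
        if reading["nonce"] != expected_nonce or expected_nonce in self._used_nonces:
            return False
        expected_tag = hmac.new(
            self._key, reading["nonce"] + reading["template"], hashlib.sha256
        ).digest()
        if not hmac.compare_digest(expected_tag, reading["tag"]):
            return False
        self._used_nonces.add(expected_nonce)
        # Toy matcher: real systems do fuzzy matching; exact compare suffices here.
        return hmac.compare_digest(reading["template"], self._enrolled)


def password_rotation_demo():
    """Returns (leaked password works before rotation, works after rotation)."""
    store = PasswordStore()
    store.set_password("hunter2")
    leaked = "hunter2"  # constructed: a copy obtained by an attacker
    before = store.verify(leaked)
    store.set_password("correct horse battery staple")
    after = store.verify(leaked)
    return before, after  # (True, False)


def biometric_replay_demo():
    """Returns (live capture accepted, replayed capture accepted,
    leaked template without sensor tag accepted)."""
    device_key = secrets.token_bytes(32)
    template = b"constructed-template-of-user-1"  # not secret; assume it leaked
    sensor = TrustedSensor(device_key)
    verifier = BiometricVerifier(device_key, template)
    n1 = verifier.new_challenge()
    live = sensor.capture(template, n1)
    ok_live = verifier.verify(live, n1)
    n2 = verifier.new_challenge()
    ok_replay = verifier.verify(live, n2)  # old capture, new challenge
    forged = {"template": template, "nonce": n2, "tag": b"\x00" * 32}
    ok_forged = verifier.verify(forged, n2)  # template alone, no sensor key
    return ok_live, ok_replay, ok_forged  # (True, False, False)


if __name__ == "__main__":
    print("password leak before/after rotation:", password_rotation_demo())
    print("biometric live/replay/forged:", biometric_replay_demo())
```

The password side recovers from a leak by replacing the secret; the biometric side never can, so the only lever the verifier has is the channel: a fresh challenge per attempt and a tag that only the sensor can produce. A system that accepts a bare template, as the forged case shows, is exactly the one where a leaked print is a permanent key.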

  • David Brodbeck says:

    History seems to suggest that relying entirely on the unspoofability (is that a word?) of a hardware device is a Bad Idea. They all get broken sooner or later. I’m willing to go out on a limb and suggest that a foolproof fingerprint scanner is not possible to build.

  • Adam says:

    Fred,
    Are you sure about that permanently attached claim?
    http://www.emergentchaos.com/archives/2005/04/a_picture_is_wo.html

  • Chris says:

    “out on a limb” is close enough to a pun when discussing fingerprints that I chuckled. Thanks, David!

  • haroon says:

    heh.. right on! in fact a short while ago i wondered the very same thing (http://www.sensepost.com/blog/1114.html) re: being forced to use the only print i have, at relatively low security venues..
    /mh
