Authentication: finger vein recognition being rolled out by Barclays


#1

I wonder if these devices are commercially available.

Bank customers to sign in with veins:


Proof of unique human
#2

I think they are
Example 1

Example 2

But you don’t want to use these technologies on the current internet. I would rather use a brainwallet instead of a vein recognition device OWNED by a bank. Next thing you know they start selling that data to the government.

Too bad that the creativity of these banks are always missing. [For instance this article about an biometric ID system in Nigeria.][1] Ideally you would want to incorporate an, ID, Payment (with nfc), QRcode to some 1s address and a driver licence in this card. The driver licence could just be a simple number that’s activated on your card. It would work just like Coin, scan your files and they are added to your card.

Here is your extra layer of security


[1]: http://arstechnica.com/business/2014/09/mastercard-backed-biometric-id-system-launched-in-nigeria/

But let’s be honest, all those things could take place on your mobile


#3

Good research @19eddyjohn75. Any indication the devices are available to you and me and what they cost etc?

I was thinking not of using it for banking (and I would expect no data would be shared with the bank anyway as that is a security hole), but for login on my own PC. I have a fingerprint scanner already, but obvs we know they can be fooled.

Brain wallets need to be used with great care as there are bitcoin address watchers that look for new addresses and then try brute force attacks using dictionaries of likely phrases and the ways people might use them in a brain wallet. These attacks can be done with so much compute power - no limiters - that you need something very hard to break and that probably means hard to remember. So caution here!


#4

The Coin is available now @ https://onlycoin.com/

But as pointed out, it will be obsolete soon.

I didn’t dig any further in the palm vein scanner, because these keep things like your data on their server.

It would be nice if an OS would be based on your biometric, so no action can be executed without your approval. I think this would be the most secure OS in the world. We also need to get out the domain of downloading stuff. What if everything you need is online accessible, through the Maidsafe ecosystem. This in itself would give Maidsafe some plus points over the existing possibilities.

Multiple biometric inputs could maybe also tackle the Proof Of Unique Human problem. But these things need to be done in a setting of ordinary people to people instead of a government as middleman.


#5

I once received one of those Lenovo laptops from an ‘employer’ and it had one of those finger print scanners built in… I turned it back/rejected it;

All I could think about is how my biometrics are stored on this machine where if it were to be compromised, well so are my biometrics. Hackers don’t know ever what they’re going to get, and they’re running with what they acquire; learning and studying and scheming ways to use data of another’s, and if that includes some biometrics… well; d’uh that’s ‘a good find’ - in the video’s case its ‘a secret code’


#6

It a catch. If your biometrics are compromised you are hog tied and pegged for life. No changing user name and password. No restart.


#7

I haven’t checked but doubt this is the case. It would be a massive security hole and lots of privacy issues as you point out.


#8

Biometrics is not the solution for distributed systems. Plus, there is knowledge in remaking a person’s biology. Not all people are average, and not all people go through the course of life like average people. Imagine changing your haircolor without dye, or your height, or your vein map, on demand; even though it may take a month or two. And i’m not talking surgery, or any of that crap.


#9

I’m actually not talking about a normal OS here, your biometrics would be the only way you can access the OS. Every data on the harddrive would be encrypted with your biometric serving as the key. Even the browser on this system would not reveal your OS, plugins our whatever on your system. The only person who could ever access the system is only you. If somebody else wanted to log in they would get info based on their biometrics.

The browsers we are using now adays are giving away more info about us. Ideally a Maidsafe browser should have things like disconnect.me (tracker blocker) Priv.ly (content removal from facebook/google) and noscript by default. I’m even getting the feeling that the browser can register everything I type in and it doesn’t matter on which site I do this. My mouse movement is being tracked. We need a browser that tackles things like unsafe websites.

I know it’s a catch, I would even go near anything biometric, because the security systems of the current internet are all broken. We should not shy away to regularly have Maidsafe security checks. It will only improve our world.

Massive security holes is not new to this world, it’s second nature. Companies love to screw up security. Only trust what you made yourself and fully understand.

I fully agree that in our current world biometrics is not the solution, that why we shoulden’t buy into it when banks or governments say it is. I was FORCED to give my fingerprint because I needed a passport.


#10

I’m so surprised wikipedia does not have a page about this:

http://www.lockwiki.com/index.php/Impressioning

particularly this part:

http://www.lockwiki.com/index.php/Impressioning#Manipulation-based_Impressioning

doesn’t even mention key impressioning - not even the root word impression is found in the wikipedia on lockpicking - just expressing something so amazingly reliable security flaw and yet obviously quite covert.