Passwords are Vastly Superior to Biometric Identification: Oct 22, 2017

I am just trying to finish a post that I started writing some time ago, but got distracted by some current topic or event. Having said that, let us get back to the topic at hand, which is somewhat relevant to an upcoming series about the ongoing crappification of technology in pretty much all sectors of the eCONomy. The main focus of this post is how the idea, much touted by silli valley corporations, of using biometrics or anything similar as a replacement for passwords is an extremely bad one on multiple levels. Here are two recent examples of such articles, and don’t click on them unless you want to read shitty journalism (Shill Piece #1, Shill Piece #2).

Now let me explain to you why using biometric IDs on the internet, or on internet-connected devices, is such a bad idea.

Issue #1: Using Biometric IDs instead of passwords promotes a false sense of security.

One of the main lies repeated by corporations involved in promoting biometrics-based ID is that it is somehow much harder to crack than text-based passwords. They often bring up misleading arguments about the length of a biometric data signature vs. a password, implying that a longer length somehow magically translates into higher security. This argument is, however, a complete misdirection, since the vast majority of password leaks are due to hacking of improperly secured corporate databases and exploits in operating systems and transmission protocols. In other words, the most common point of failure for password security is unrelated to the carefulness or carelessness of the person who uses it. Which brings us to the second issue.

Issue #2: Passwords, unlike Biometric IDs, can be easily changed and individualized.

How many of you use the same password for your online banking, email, social media and other accounts? Why not? Well, the vast majority of those who have used computers for over a decade tend to use different passwords for different accounts, since doing so prevents the leak of one password from compromising all other accounts. Moreover, it is fairly trivial to change a password if you suspect that it was compromised. Now imagine doing that with your biometric ID. Are you going to get plastic surgery and eye replacement every time some corporate database containing your biometric ID is hacked? Because if you won’t do that, even a single compromised database could destroy your personal life, and the recourse for restoring your identity would be downright Kafkaesque.

Issue #3: Compromised Biometric IDs will inevitably cause cascading security failures.

Imagine a world where Biometric ID is central to using services such as banking, healthcare, education etc. Now think through the aftermath of a successful hacking of one of the many databases containing your Biometric ID. For starters, you can bet that it would be sold on the market to the highest bidder. It goes without saying that every aspect of your life would be forever altered by even a single leak. The centrality of Biometric ID in such a world would mean that you would never again be safe from identity theft, and there is nothing anyone could do about that unless there was a password option available. But if such a system is intrinsically problematic enough to necessitate a password-based backup, why use it in the first place?

To summarize, the point I am trying to make is that widespread adoption and use of biometric ID by various online (or largely online) corporations and institutions is an extremely bad idea due to the intrinsically unsolvable risks and collateral problems it would create, without offering any real advantages over using passwords or similar authentication systems.

What do you think? Comments?

  1. Libertarians are superhumans
    October 22, 2017 at 10:03 pm

    Issue #2 is irrelevant, because you should always use multiple-factor authentication (for example, a combination of biometric ID + password).

    However, biometric IDs only work well under one condition (and then they work very well): when there is someone else physically present in the same location during the sampling of the biometric ID. (For example, at the entrance of a building.) Under such conditions compromised biometric IDs are basically ineffective and will be noticed. Under other conditions, biometric IDs are not a good idea.
