What will be the future of User-Authentification?

Hi all,

I am very intersted about the (near) future of User-Authentification
and I heard several things that I can not put together. So I hope you
can help me.

I heard that within the next few years most Computers will have a
fingerprint-scanner because they will get quite cheap. But on the
other side I read about big drawbacks of biometrics systems when they
are widely used for "everything" because you give every instance you
trust a "copy" of your fingerprint.
Then I read, that SmartCards have a bright future - espacially for
online-banking.
Will there be a Standard in 3 or 5 years that 90% of all PC Users use?
What will it be? And why?

Thank you for any ideas or point of views!

Best Regards

Arno Oesterheld

Re: What will be the future of User-Authentification?

Arno Oesterheld wrote:
> Hi all,
>
> I am very intersted about the (near) future of User-Authentification
> and I heard several things that I can not put together. So I hope you
> can help me.
>
> I heard that within the next few years most Computers will have a
> fingerprint-scanner because they will get quite cheap. But on the
> other side I read about big drawbacks of biometrics systems when they
> are widely used for "everything" because you give every instance you
> trust a "copy" of your fingerprint.
> Then I read, that SmartCards have a bright future - espacially for
> online-banking.
> Will there be a Standard in 3 or 5 years that 90% of all PC Users
use?
> What will it be? And why?
>
> Thank you for any ideas or point of views!
>
> Best Regards
>
> Arno Oesterheld

Re: What will be the future of User-Authentification?

Arno Oesterheld wrote:
> Hi all,
>
> I am very intersted about the (near) future of User-Authentification
> and I heard several things that I can not put together. So I hope you
> can help me.

We are talking about *remote* authentification. For me the best
way of *local* authentification it's that old guy that have been
working in the company for years and know everyone :-)
Not cards. Not OPIE. A good old guy with a lot of memory.

> I heard that within the next few years most Computers will have a
> fingerprint-scanner because they will get quite cheap. But on the
> other side I read about big drawbacks of biometrics systems when they
> are widely used for "everything" because you give every instance you
> trust a "copy" of your fingerprint.

Someone can force you to put your finger in the scanner. The data
once it has been readen in a non secure scanner can be used to
identify as you in other sites. Same problem that with passwords.
I don't think is the future.

> Then I read, that SmartCards have a bright future - espacially for
> online-banking.

Can be stealed. Can be hacked (satellite tv smartcards are being
hacked from time to time) to extract the keys/certificates.

> Will there be a Standard in 3 or 5 years that 90% of all PC Users use?
> What will it be? And why?

A mix of all this systems. I don't think one will be the perfect system,
but if you mix a smarcard, with biometric authentication and a password
that is only in your mind then you will have a quite good system.

And yes, I'm quite paranoid.

> Thank you for any ideas or point of views!
>
> Best Regards
>
> Arno Oesterheld

Regards.

--

Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"

Re: What will be the future of User-Authentification?

Hi,

Don't know why my first post didn't appear... but anyway, my view is
that it really depends on the system you are using. I don't think that
in 3 or 5 years (or in 10 or 15 years for that matter...) 90% of normal
home PC users will use anything other than the normal login
username/password process (why use an atomic bomb to kill a moskito
right?)
Companies however are moving towards different authentication
mechanisms - Siemens for example is starting using smartcards for the
login process and my feeling is that it makes sense for more sensitive
systems.
Biometrics is a technology which I believe will have a bright future,
although not exactly as an authentication mechanism. My view is, and
most companies seem to disagree with this, that biometrics shouldn't be
an authentication mechanism but an authorization mechanism (more like
for controlling access to resources...). This is because your
fingerprint is not like a password - you can't change your
fingerprint!!!! So if it gets compromised how do you deal with it?? And
remember that your fingerprint isn't exactly private - you leave
fingerprints everywhere such as in glasses in public places... the
portuguese ID card even have a fingerprint of the owner on the front!
That's why it makes sense to me to use a biometrics as an access
control mechanism after an authentication mechanism took place! Also it
makes sense to use biometrics and smartcards combined, if nothing else
because you should store your fingerprint's template in secure,
tamper-resistant device, which can be provided by a smartcard!

Regards,
Joao