As do [secure] passwords. Which I'll demonstrate below.
> My finger prints are rarely intact enough for a fingerprint reader to capture them and read them.
Scan multiple fingers. Use different biometrics such as a photo of your face, or your eye. Remember, biometrics are meant as username replacement, not authentication (e.g. password-based); i.e. so you don't have to type 'lightedman', not 'ethically-rage-retake-unlined-wrangle-lapel'.
And yet the original point still stands, which is biometrics are terrible passwords. I still agree with this timeless article on how biometrics (fingerprints for this article, but all biometrics in general) are excellent usernames, but terrible passwords:
> Remember, biometrics are meant as username replacement, not authentication (e.g. password-based); i.e. so you don't have to type 'lightedman'
I think that's a solution in search of a problem. That may be all biometrics are actually good for; I don't think it's why anyone is interested in them.
I'm confused...how are authentication and "password-based" related? (Yes, passwords can establish who you are...just as biometrics or tokens can. Or they can be used in place )
Using biometrics for claimed identity is a choice (I guess...it's not one I've heard of before), not a mandate. 2FA doesn't specify what factors line up with "claimed identity" vs "confirmed identity" - just that 2 factors is more secure than 1 factor.
I've never heard of "used biometrics as username, and a password as password", nor that "biometrics are meant as username replacement". Have I fallen behind, or am I misunderstanding you?
My understanding is that, in CONFIRMING identity, you want at least two of "know something, have something, be something". Every example I've heard/seen (admittedly limited) used these to confirm a claimed identity, not to make the claim in the first place.
"Remember, biometrics are meant as username replacement, not authentication (e.g. password-based)"
Tell that to my fiance's iPhone, or my HP NX-series laptop which has Windows XP and a biometric user authentication login, I don't think they got the memo.
"Scan multiple fingers"
I guess you didn't read what I wrote. I'll just stop here until you do.
Sadly, they haven't. Did you get the memo where people from CCC got the fingerprint from a minister, just to prove a point?
> I guess you didn't read what I wrote. I'll just stop here until you do.
I did read what you wrote. That doesn't refute that in use cases, one finger(print) may stop working while another still works. It also doesn't refute that other biometric data stays intact. Although having to type 'lightedman' is a minor nuisance.
"That doesn't refute that in use cases, one finger(print) may stop working while another still works."
Not in mine. Simply put, there are too many cuts on every single finger on my hands to make biometric fingerprinting a reliable thing, and those cuts change pretty much daily. Do mining like I do, in hard rock, with hand tools and no gloves (because you need to feel for things lest you destroy a perfect specimen.) You're not escaping uncut, no matter what.
For people like you we either need an alternative way of identification (such as face recognition), or we need you to type your username ('lightedman'). The latter is IMO (in 2017, without physical keyboards) rather annoying.
Remember, I don't suggest we authenticate via fingerprints.