Why is the power button not a fingerprint scanner?

[Greencardman]

I was just thinking, that would really be a good place for it to be (I'm talking laptops). It always seems stuck off to the side and looks ugly. Plus wouldn't it be better to have it check who you are before you can really turn it on? I suppose you could still take it apart and everything and hack in that way, but still. Same with the iPhone's home button. If people knew they couldn't turn your phone on unless they took it apart, well, wouldn't that be less reason for a casual thief to steal it?

 

[Everythingisnt]

Yeah, but the technology involved in making a non-moving power button into a fingerprint scanned would probably raise the price of the items too much..

Also, unless you adopted the type of fingerprint scanners on IBM's thinkpads (in which you just "swipe" your finger), using a fingerprint scanner would require you to hold your finger on for at least a second while some kind of device below the button scanned for your prints.

I'm not really sure if it would be all that practical, IMO..

 

[Plymouthbreezer]

...For most of us fingerprint readers are totally unnecessary.

 

[NightFlight]

...For most of us fingerprint readers are totally unnecessary.

x2.

I don't see a need for that at all unless you are in a high security environment. You could just password protect your computer instead....

 

[Abstract]

I think it's a great idea, and I don't think it'd cost too much. My girlfriend's mobile phone has it, and it's a 2 year old mobile that she purchased used for $30.

Of course, she's also Japanese, so....

 

[Greencardman]

Yeah, I was thinking more for business laptops. Its like the perfect size for your middle finger to push, and hold for a second. It could replace passwords, or add a new layer of protection. I mean, people forget passwords, or leave them lying around (wasn't there a study saying most people taped a piece of paper with their password on nearby anyways?) You don't forget your fingerprint. This way, no one has a chance to guess your password, and businesses don't need to worry about people setting up their stuff to login automatically. You actually need to be there to get it to work.

 

[Aea]

I think if Apple comes up with a real hardware solution for password protection, not the "fake" protection that fingerprint scanners offer, it would be a big step forward.

 

[Greencardman]

Why are fingerprints fake? What would be real?

 

[nbs2]

Yeah, I was thinking more for business laptops. Its like the perfect size for your middle finger to push, and hold for a second. It could replace passwords, or add a new layer of protection. I mean, people forget passwords, or leave them lying around (wasn't there a study saying most people taped a piece of paper with their password on nearby anyways?) You don't forget your fingerprint. This way, no one has a chance to guess your password, and businesses don't need to worry about people setting up their stuff to login automatically. You actually need to be there to get it to work.

In that case, you could rely on a system similar to what the government uses (as least DoD - I'm not sure about others). They use something called the Common Access Card. You need to insert the card into a reader before you can log into a machine. The card serves several other uses, but this would resolve the concern that you are presenting here.

 

[scotthayes]

simple reason not to have one, they are not secure. Finger print readers are to easy to fool.

 

[RedTomato]

If I get mugged, I don't mind losing my laptop. I'd rather not lose my finger as well.

There's no Time Machine for regrowing fingers.

 

[katejones]

If I get mugged, I don't mind losing my laptop. I'd rather not lose my finger as well.

There's no Time Machine for regrowing fingers.

I agree, I still remember marshal removing some guys eye with a spork to use in a retina scanner (ALIAS)

Using a removable body part for a security device never ends well.

 

[Greencardman]

Haha. I was going to respond to the DoD card thing as saying, well, people could just gain acess to your card. but you're right, people could also gain acess to your fingers.

But seriously, that seems a little far fetched. I'm talking about preventing casual theft. Someone grabbing your iPod and running, snagging your laptop when you're not looking. If it became useless immediately afterwards, don't you think it'd work? Not every thief will know how to hack something. It seems easy to implement.

 

[Gelfin]

Haha. I was going to respond to the DoD card thing as saying, well, people could just gain acess to your card. but you're right, people could also gain acess to your fingers.

High-end professional biometric systems are very sophisticated, sufficiently so that they can detect whether there is warm blood pumping in a natural way through the particular organ in question. You may still find yourself incapacitated in some way so as to supply your body part, but these sorts of systems are usually installed in facilities where security cameras would make it difficult to hide that something is amiss.

The sorts of biometric systems most people are ever likely to encounter, on the other hand, range from "screen door" to outright joke. Vendors of such systems make claims that are demonstrably false.

The sort of fingerprint scanner you would find on your laptop could be successfully thwarted by dusting a convenient surface for your fingerprints (like, say, the keyboard of your stolen laptop) and using the results to produce a sufficiently convincing prosthetic to fool the scanner.

But seriously, that seems a little far fetched. I'm talking about preventing casual theft. Someone grabbing your iPod and running, snagging your laptop when you're not looking. If it became useless immediately afterwards, don't you think it'd work? Not every thief will know how to hack something. It seems easy to implement.

A casual thief is not the threat model for any access control system. The thief does not care about the contents of your laptop. He is willing to look online to find the customer support directions to reset the device to its factory state, wiping your data in the process. If he cannot find it, or is too dumb to look, he will simply trash your device or sell it to some other sucker. Your device is still gone, and the biometric device has not served as a deterrent.

Thwarting the attacker who cares about what's on your laptop is why you want an access control mechanism. There are certainly casual attackers who would be thwarted by a fingerprint scanner (your little brother, say), but a good long hard-to-guess password will thwart your little brother and many more sophisticated attackers. Don't assume the more futuristic-seeming solution is the more secure one. The current state of consumer-available biometrics devices should not be considered serious security.

 

[ctt1wbw]

In that case, you could rely on a system similar to what the government uses (as least DoD - I'm not sure about others). They use something called the Common Access Card. You need to insert the card into a reader before you can log into a machine. The card serves several other uses, but this would resolve the concern that you are presenting here.

Oh God... CAC cards a freakin JOKE. They Navy uses them and they are just a big pain in the ass. They provide no real better security than hitting control alt delete and logging in the old fashioned way. You still have to type in your password. How is that providing better security?

 

[r1ch4rd]

simple reason not to have one, they are not secure. Finger print readers are to easy to fool.

Yes. While a password is a secret your fingerprint is not. Every-time you touch something you leave it behind. You can get a rough idea of someone's fingerprint with some sticky tape and talcum powder! It would take more than that to extract their password.

 

[theBB]

If somebody steals your password or account number, you could be assigned another one easily. What happens when somebody finds a way to fool one of these scanners to assume your identity? Who are you going to call to get yourself a new fingerprint or palm print?

 

[djellison]

They're less secure than a password. Significantly so. Your finger prints CAN be stolen and replicated - and made to work on those scanners. Unless you write it down and lose it - a password lives in your brain only. We had some laptops with these in at work. I was able to fool it with a photoshop job of a fingerprint printed out and stroked across it. Also- you have to have a means to do a reinstall WITHOUT the finger in question available - so it's no front to security at all.

Given that, I'd rather they left the button as is and save the cash.

Doug

 

[Greencardman]

ha, they moved my thread. sorry, that took me a while, i kept thinking it was buried somewhere.

So really, I'm getting the feeling most people think there's no solution to preventing casual theft, all you can prevent is data access.

What do you guys think of gesture passwords? I got to thinking about that when I was thinking up ideas for iPhone Apps. Instead of typing in something, you draw a shape with your fingers. Or tap in a rhythm (not for coffee freaks), or for the iphone, shake it in a certain way.

Basically, there are limits to what the human brain can remember in terms of letters and numbers in combination. But shapes are complex objects easily remembered, and when you put them in combination, it becomes more complex. And shapes are almost infinite, instead of being limited like letters and numbers.

 

[Plymouthbreezer]

Gestures seem too akward... and how liberal would you make it to compensate for minor differences each time??

I work for a city IT/Tech department... Internally, we use obscure passwords. Nice, simple (once you memorize it), and secure. For places that require more security, simply use something like the DoD Common Access Card.

 

[nbs2]

Oh God... CAC cards a freakin JOKE. They Navy uses them and they are just a big pain in the ass. They provide no real better security than hitting control alt delete and logging in the old fashioned way. You still have to type in your password. How is that providing better security?

The point of the CAC card is to provide a second layer of security, and ensure that wherever you go, your clearances go with you.

Yes, you have to type in your password after inserting your CAC into the reader, but the fact that you need both the physical card and the p/w make entry more difficult. Obtaining both is significantly more difficult than just one.

 

[Aea]

Why are fingerprints fake? What would be real?

Most of the "fingerprint scanners" are nothing more then buggy, third party software that only obfuscate your password (read, store it insecurely, or through weak encryption) and then sends the password to windows to "authenticate." What's truly necessary is a powerful scanner, and a good hardware or intrasystem (ie keychain) implementation. I'm not an expert, so not all of this might make sense.

 

[Future Blues]

Most of the "fingerprint scanners" are nothing more then buggy, third party software that only obfuscate your password (read, store it insecurely, or through weak encryption) and then sends the password to windows to "authenticate." What's truly necessary is a powerful scanner, and a good hardware or intrasystem (ie keychain) implementation. I'm not an expert, so not all of this might make sense.

And you can fool most fingerprint readers with a little blob of silly putty, to name one thing.

 

[krye]

Because you're the only one that thinks that would be cool.

 

[chewie100]

I don't want biometrics on my Macs!! Please don't entertain this idea any further.