Ledger Integrates Biometric Authentication

[lovegood]

Ledger Integrates Biometric Authentication

The next generation of Ledger, a smartchip-based Bitcoin hardware wallet similar to Trezor, will be compatible
with the authentication features of Fido Alliance – namely external dongles and fingerprint readers.

For details, please continue reading...

[HI-TEC99]

Most fingerprint readers can be easily tricked with very simple techniques. The newest upcoming technology might be more secure, but I think it will soon be cracked if it hasn't already. If I had a Bitcoin hardware wallet I wouldn't trust any form of biometrics to secure it because most of them have already been broken.

[jeannemadrigal2]

Simple biometric is nice for sci-fi movies, but in reality it is a very bad idea.  I can change a password in seconds, but I can never change my fingerprints.  Maybe there is some way for it to track a better biometric, but since none of them can be changed like a password, I see this more as a gimmick than an actual good security measure.

[RustyNomad]

There will be no biometrics.... See reply posted below the article

Nicolas Bacca
Ledger CTO here.

We absolutely won't do that - but it's ok, this is a slight misinterpretation of what we posted, and a very common one. For some reasons, FIDO is associated to biometrics, because biometrics supporters have been very vocal in this group - but it's a "just" common authentication standard, with a lot of ways to identify the user locally on the device itself.

We'll be supporting FIDO because we think that it's important to get rid of passwords with standard and interoperable protocols, rather than having the user install one different application or own one different device per service.

But we absolutely won't do it with biometrics. Just with a regular PIN, entered on the device itself, which complies with FIDO requirements.

That picture is pretty cool though

[RappelzReborn]

Ledger Integrates Biometric Authentication

The next generation of Ledger, a smartchip-based Bitcoin hardware wallet similar to Trezor, will be compatible
with the authentication features of Fido Alliance – namely external dongles and fingerprint readers.

For details, please continue reading...

If they are counting on using simply Fingerprints then this can be easily tricked up as the users above said . they need to make something more secure like that eye recongition or whatever his name is like Nokia are planning to do on their phones soon or Finger vein pattern which is obviously the future https://www.youtube.com/watch?v=GOWD9_vj75I
but it's still a good idea and something more for security i guess , when it's going to be available btw ?

[RustyNomad]

There will be no biometrics.... See reply posted below the article

Nicolas Bacca
Ledger CTO here.

We absolutely won't do that - but it's ok, this is a slight misinterpretation of what we posted, and a very common one. For some reasons, FIDO is associated to biometrics, because biometrics supporters have been very vocal in this group - but it's a "just" common authentication standard, with a lot of ways to identify the user locally on the device itself.

We'll be supporting FIDO because we think that it's important to get rid of passwords with standard and interoperable protocols, rather than having the user install one different application or own one different device per service.

But we absolutely won't do it with biometrics. Just with a regular PIN, entered on the device itself, which complies with FIDO requirements.

That picture is pretty cool though

[oblivi]

Most fingerprint readers can be easily tricked with very simple techniques. The newest upcoming technology might be more secure, but I think it will soon be cracked if it hasn't already. If I had a Bitcoin hardware wallet I wouldn't trust any form of biometrics to secure it because most of them have already been broken.

I don't trust biometrics myself. Nothing is better than a 20+ character phrase with a couple uncommon signs, you know you are safe for a lifetime if the algorithm is decent such as SHA256, but who knows what can they come up with to compromise biometric type security.

[M8]

Most fingerprint readers can be easily tricked with very simple techniques. The newest upcoming technology might be more secure, but I think it will soon be cracked if it hasn't already. If I had a Bitcoin hardware wallet I wouldn't trust any form of biometrics to secure it because most of them have already been broken.

I'm sure it can be easily fooled, but it's great as a 3-factor option. Unlikely someone at the otherside of the world is going to be able to lift your fingerprint off something as well.

[unamis76]

Too bad they won't adopt fingerprint tech... Since they won't, I'll be waiting around for retina scan technology

[Tarantino]

I think they should adopt biometrics on mobile phone wallet aps as well. I don't think people should rely soley on it but with your password and things like google authenticator etc it adds another layer of well needed security.

[itsAj]

FIngerprint tech is still unstable unfortunately it needs a long way to go before usability.

[bitllionaire]

Is this real,I hadn't seen and I feel this is exciting, It will add more security to our bitcoins

[neurotypical]

I have a mate that got the Galaxy S5 and he managed to reverse engineer the fingertip thing that authenticates you as the owner to gain control of it, these things aren't advanced enough to gamble with your BTCs imo.

[GTA]

Simple biometric is nice for sci-fi movies, but in reality it is a very bad idea.  I can change a password in seconds, but I can never change my fingerprints.  Maybe there is some way for it to track a better biometric, but since none of them can be changed like a password, I see this more as a gimmick than an actual good security measure.

Yeah, but you probably could use a different finger )

[Kprawn]

We used to have some fingerprint scanners at work, and the people figured out how to bypass them. They used common office supplies to duplicate/copy the fingerprint pattern and they got past it.

When we bought these devices, the supplier made bold claims... "If you cut off a finger, it will not work... da da da..."

We brought them back... showed them what the people did, and they refunded us. We now use a combination of retina scanner / CCTV and passwords... with a 100% success.

There are holes in any system... just try to eliminate as many as possible. 

[btchip]

Again Ledger CTO here, yes, we won't use biometrics because the cost to of doing it correctly is definitely not worth the benefits. And when not done correctly, it can create a persistent liability for the user.

Just considering fingerprints, the most common one today : first, you want a good quality sensor to collect your fingerprints (otherwise, this can be fooled by a fake finger, gummy bear or whatever) - most consumer grade products fail right there. Then, you want to connect it securely to your matching logic (otherwise, every malware or physical attack can reveal your digital fingerprints, again, you don't want that to happen since it's complicated to revoke a finger without chopping it off, and a digital fingerprint can be a great way to fake authentication into other brittle systems). Finally, you want a secure, fast and reliable matching logic (secure for the same reasons as before, fast and reliable because the user experience is going to suck otherwise)

Apple actually does most parts right as described in https://www.apple.com/business/docs/iOS_Security_Guide.pdf - but that's more the exception than the norm, and of course the generic consumer grade sensor is still bad.

The Secure Enclave is responsible for processing fingerprint data from the Touch ID
sensor, determining if there is a match against registered fingerprints, and then
enabling access or purchases on behalf of the user. Communication between the
processor and the Touch ID sensor takes place over a serial peripheral interface
bus. The processor forwards the data to the Secure Enclave but cannot read it. It’s
encrypted and authenticated with a session key that is negotiated using the device’s
shared key that is provisioned for the Touch ID sensor and the Secure Enclave. The
session key exchange uses AES key wrapping with both sides providing a random
key that establishes the session key and uses AES-CCM transport encryption.

You'll have similar requirements for other biometrics - good sensor, secure pairing with the matching logic, secure, fast and reliable matching logic. Also matching logics are complex and highly proprietary, which doesn't really fit that well into Bitcoin decentralized and trustless design either. It's quite difficult to be able to evaluate yourself how snake oilish it really is - for a good laugh, just ask your local fingerprint solutions vendor how the matching algorithm works, or even how minutiae are encoded.

[Argwai96]

I love biometric, when ever i have to use anything biometric it feel like ultimate security, i was just wondering if anyone has seen a dna biometric authentication?

[Amph]

biometric can be craked easily, they should provide retina plus movements of your eye(that follows a specific path) at the very least, or something else

you can find plenty of example on the web that show this

http://9to5mac.com/2013/09/22/biometrics-hacking-team-uses-photographed-fingerprint-to-get-past-touch-id/

[Hazir]

I love biometric, when ever i have to use anything biometric it feel like ultimate security, i was just wondering if anyone has seen a dna biometric authentication?

Maybe in the future, when scientist will improve it,  it will be good idea to use services like Biometric Authentication. But for now this system is rather misleading with promise of total security.
DNA portable scanners are song of the future. And even then I am afraid it will be exploitable tech. Now you can simply photograph your fingerprint and cheat scanner.
In the future someone could grab a sample of your DNA and use it to get access to your account. How that problem will be fixed?

[oblivi]

I love biometric, when ever i have to use anything biometric it feel like ultimate security, i was just wondering if anyone has seen a dna biometric authentication?

It "feels" really cool to put your finger and get it scanned to unlock your phone, but you would trust a lot of money into it instead of classical cryptographic algorithms?