DrBitcoin (OP)
February 18, 2014, 01:50:50 PM
In my opinion, biometric technologies like Apple's Touch ID are the solution to Bitcoin hackers on major exchanges. Imagine Coinbase or Bitpay had a user-enabled feature that requires your fingerprint in order to confirm any Bitcoin transactions.
Then, a hacker would need to get into your account, defeat two-factor authentication... and have access to your fingerprint to confirm any transaction requests.
Obviously, this could be a user-enabled feature that conspiracy theorists or people looking to just be anonymous could opt out of.
If Apple were to open up its Touch ID to third parties, this would be the best offering. But in the meantime, can't a website like Coinbase allow you to buy a third-party fingerprint scanner?

bobalo
February 18, 2014, 01:51:27 PM
Not everyone has a finger scanner...

substratum
February 18, 2014, 02:08:42 PM
This is no better than OTP 2FA; both are worthless if your machine is infected by man-in-the-browser (MitB) malware. If you haven't been following banking malware trends you may not be aware - thieves have been bypassing 2FA easily for quite some time. Transaction Integrity Verification (TIV) using an offline device is the only way to defeat theft by MitB malware.

hilariousandco
February 18, 2014, 04:44:40 PM
I think biometrics would be a worthy two/third-factor authentication as long as they were implemented properly and safely.

hellscabane
February 18, 2014, 04:53:59 PM
You know, you may actually be onto something here. The problem is how to make this process seamless and safe. There are several major companies trying to incorporate biometrics with their security practices and it could behoove BTC if several major exchanges/applications incorporate it.
Once again though, the problem is making the process seamless and safe.

Remember remember the 5th of November
February 18, 2014, 05:07:23 PM
I already spoke to some of the devs, they quickly proved me wrong that biometrics are viable. They said for instance, that fingerprints are not the same throughout the whole life, they change and are not as accurate all the time. I also tried saying ok what about a DNA scan, proved me wrong again.

Yogafan00000
February 18, 2014, 05:10:17 PM
The problem with biometrics is that once your scan data has been compromised by data thieves, you can't change any of it.

hazek
February 18, 2014, 05:12:24 PM
The key to defeating hackers is secure hardware wallets; you'd imagine we'd have one by now. I'm still waiting on Trezor to ship and am hopeful it will be everything it needs to be - we'll see. Any updates slush?

hellscabane
February 18, 2014, 05:31:34 PM
> I already spoke to some of the devs, they quickly proved me wrong that biometrics are viable. They said for instance, that fingerprints are not the same throughout the whole life, they change and are not as accurate all the time. I also tried saying ok what about a DNA scan, proved me wrong again.

This is the difficulty in making biometrics seamless and safe. One of the biggest issues is that unimodal biometric systems lack robustness. On the other hand, strictly multimodal biometric systems are very robust but they lack the seamlessness of unimodal systems. There has been work done on creating an adaptive multimodal system which uses probabilities to account for changes that the human body encounters but the difficulty is in trusting the robustness of the probabilities and securities of multi-level gaming of the systems.

seriouscoin
February 18, 2014, 05:35:32 PM
Not to mention fingerprints are very easy to steal.... yeah....
We still don't have robust technology for this application yet. For ex: eye scanning is so damn slow.

seriouscoin
February 18, 2014, 05:36:30 PM
> The key to defeating hackers is secure hardware wallets; you'd imagine we'd have one by now. I'm still waiting on Trezor to ship and am hopeful it will be everything it needs to be - we'll see. Any updates slush?

About Trezor.... when will they have it ready? I really can't wait

hazek
February 18, 2014, 05:43:07 PM
> > The key to defeating hackers is secure hardware wallets; you'd imagine we'd have one by now. I'm still waiting on Trezor to ship and am hopeful it will be everything it needs to be - we'll see. Any updates slush?
>
> About Trezor.... when will they have it ready? I really can't wait

Would be nice to know, I agree.

hilariousandco
February 18, 2014, 05:48:39 PM
> I already spoke to some of the devs, they quickly proved me wrong that biometrics are viable. They said for instance, that fingerprints are not the same throughout the whole life, they change and are not as accurate all the time. I also tried saying ok what about a DNA scan, proved me wrong again.

DNA scanning is even more far-fetched, but could be fun. Imagine licking or spitting into something before you could send your Bitcoins. I'm sure there'll be fingerprint Bitcoin apps at some point.

seriouscoin
February 18, 2014, 05:54:01 PM
> > I already spoke to some of the devs, they quickly proved me wrong that biometrics are viable. They said for instance, that fingerprints are not the same throughout the whole life, they change and are not as accurate all the time. I also tried saying ok what about a DNA scan, proved me wrong again.
>
> DNA scanning is even more far-fetched, but could be fun. Imagine licking or spitting into something before you could send your Bitcoins. I'm sure there'll be fingerprint Bitcoin apps at some point.

Although DNA is unique (all 13 pairs), it's not guaranteed to stay the same.

substratum
February 18, 2014, 06:30:06 PM
The long and short of it is this: there's no method you can use to authenticate yourself to a remote website via an infected computer that man-in-the-browser malware can't hijack en-route and use in order to pretend to be you. Instead you need to validate the integrity of your transactions on a separate device. That's what Cronto does for banks and that's what Trezor does for Bitcoin wallets.
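
The distinction drawn in the post above, as an added example that is not part of the original thread and is not Cronto's or Trezor's actual protocol: a login-style code stays valid when the transaction is rewritten in the browser, while a code computed on a separate device over the transaction details does not. The HMAC construction, all function names and the placeholder addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

ATTACKER_ADDR = "ADDR-ATTACKER-PLACEHOLDER"  # constructed placeholder


def _digits(mac, n):
    """Truncate a MAC to an n-digit code a person can type."""
    return str(int.from_bytes(mac[:4], "big") % 10 ** n).zfill(n)


def canonical(tx):
    """Stable byte encoding of the fields the user has to approve."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def login_code(key, counter):
    """OTP-style code: proves possession of the key, covers no transaction data."""
    return _digits(hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest(), 6)


def tx_code(key, tx, nonce):
    """Confirmation code bound to one exact transaction and one server nonce."""
    return _digits(hmac.new(key, nonce + canonical(tx), hashlib.sha256).digest(), 8)


def device_confirm(key, shown_tx, nonce, intended_tx):
    """Offline device: displays shown_tx on its own screen; the user
    releases a code only if it matches what they meant to send."""
    if shown_tx != intended_tx:
        return None  # the user sees a foreign address and refuses
    return tx_code(key, shown_tx, nonce)


def mitb_rewrite(tx):
    """Models the infected browser swapping the destination in transit."""
    return {**tx, "to": ATTACKER_ADDR}


def server_accepts_otp(key, received_tx, code, counter):
    # received_tx plays no part in this check; that is the weakness.
    return hmac.compare_digest(code, login_code(key, counter))


def server_accepts_tiv(key, received_tx, code, nonce):
    expected = tx_code(key, received_tx, nonce)
    return code is not None and hmac.compare_digest(code, expected)


def run_scenarios():
    key = secrets.token_bytes(32)  # shared by server and offline device
    nonce = secrets.token_bytes(16)
    intended = {"to": "ADDR-FRIEND-PLACEHOLDER", "amount_btc": "0.5"}
    tampered = mitb_rewrite(intended)  # what actually reaches the server
    return {
        # Valid login-style code, rewritten transaction: accepted.
        "otp_with_mitb": server_accepts_otp(key, tampered, login_code(key, 1), 1),
        # Device shows what the server received: user refuses, no code.
        "tiv_device_shows_tampered": server_accepts_tiv(
            key, tampered, device_confirm(key, tampered, nonce, intended), nonce),
        # Malware shows the device the original: code fails for the tampered tx.
        "tiv_device_shows_original": server_accepts_tiv(
            key, tampered, device_confirm(key, intended, nonce, intended), nonce),
        # No malware: the genuine transaction is confirmed.
        "tiv_clean": server_accepts_tiv(
            key, intended, device_confirm(key, intended, nonce, intended), nonce),
    }


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```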

hilariousandco
February 19, 2014, 02:36:29 PM Last edit: February 19, 2014, 03:08:23 PM by hilariousandco
> > > I already spoke to some of the devs, they quickly proved me wrong that biometrics are viable. They said for instance, that fingerprints are not the same throughout the whole life, they change and are not as accurate all the time. I also tried saying ok what about a DNA scan, proved me wrong again.
> >
> > DNA scanning is even more far-fetched, but could be fun. Imagine licking or spitting into something before you could send your Bitcoins. I'm sure there'll be fingerprint Bitcoin apps at some point.
>
> Although DNA is unique (all 13 pairs), it's not guaranteed to stay the same.

Are you saying people's DNA changes?

Remember remember the 5th of November
February 19, 2014, 02:39:35 PM
> > > > I already spoke to some of the devs, they quickly proved me wrong that biometrics are viable. They said for instance, that fingerprints are not the same throughout the whole life, they change and are not as accurate all the time. I also tried saying ok what about a DNA scan, proved me wrong again.
> > >
> > > DNA scanning is even more far-fetched, but could be fun. Imagine licking or spitting into something before you could send your Bitcoins. I'm sure there'll be fingerprint Bitcoin apps at some point.
> >
> > Although DNA is unique (all 13 pairs), it's not guaranteed to stay the same.
>
> Are you saying people's DNA changes?

I think I read somewhere that throughout a person's life, he has many mutations in his DNA.

franky1
February 19, 2014, 03:16:53 PM
> In my opinion, biometric technologies like Apple's Touch ID are the solution to Bitcoin hackers on major exchanges. Imagine Coinbase or Bitpay had a user-enabled feature that requires your fingerprint in order to confirm any Bitcoin transactions.
> Then, a hacker would need to get into your account, defeat two-factor authentication... and have access to your fingerprint to confirm any transaction requests.
> Obviously, this could be a user-enabled feature that conspiracy theorists or people looking to just be anonymous could opt out of.
> If Apple were to open up its Touch ID to third parties, this would be the best offering. But in the meantime, can't a website like Coinbase allow you to buy a third-party fingerprint scanner?

as others have said biometrics is not easy.
1. not everyone has/wants a fingerprint scanner.
2. if I cut my thumb and it left a scar, the thumbprint won't match the one on the exchange's database
3. a trojan horse could sniff the data input of a USB port to copy the person's thumbprint and then use it later.. much like keyloggers sniff USB keyboards.
4. the actual lesson to learn is to teach people not to use exchanges as long term bank accounts.

Rawted
February 19, 2014, 03:17:41 PM
I have been tinkering with this idea for quite some time. Multi tiered personal security appliances. Split into packages according to their security level (from basic to advanced). Can be used separately or combined together like Voltron to produce the ultimate personal security device. The drafts for my idea have something like
level 1: fingerprint and/or voice
level 2: level 1 + retinal
level 3: level 2 + laser dna (think http://www.ncbi.nlm.nih.gov/pubmed/8379664 but compact)
The amount of engineering to put this idea into production is way out of my league, however.

Rawted
February 19, 2014, 03:20:56 PM
> > In my opinion, biometric technologies like Apple's Touch ID are the solution to Bitcoin hackers on major exchanges. Imagine Coinbase or Bitpay had a user-enabled feature that requires your fingerprint in order to confirm any Bitcoin transactions.
> > Then, a hacker would need to get into your account, defeat two-factor authentication... and have access to your fingerprint to confirm any transaction requests.
> > Obviously, this could be a user-enabled feature that conspiracy theorists or people looking to just be anonymous could opt out of.
> > If Apple were to open up its Touch ID to third parties, this would be the best offering. But in the meantime, can't a website like Coinbase allow you to buy a third-party fingerprint scanner?
>
> as others have said biometrics is not easy.
> 1. not everyone has/wants a fingerprint scanner.
> 2. if I cut my thumb and it left a scar, the thumbprint won't match the one on the exchange's database
> 3. a trojan horse could sniff the data input of a USB port to copy the person's thumbprint and then use it later.. much like keyloggers sniff USB keyboards.
> 4. the actual lesson to learn is to teach people not to use exchanges as long term bank accounts.

1. Units are cheap nowadays, can even take a hit on the manufacturing end and make up for it on final MSRP of the kits or the software side of things.
2. That's not how they would work. They work off of patterns, not whole scan matching.
3. Multiple points of security. No one piece of biometric data would be able to unlock the kingdom.
4. Agreed

hellscabane
February 19, 2014, 03:24:39 PM
> > > > > I already spoke to some of the devs, they quickly proved me wrong that biometrics are viable. They said for instance, that fingerprints are not the same throughout the whole life, they change and are not as accurate all the time. I also tried saying ok what about a DNA scan, proved me wrong again.
> > > >
> > > > DNA scanning is even more far-fetched, but could be fun. Imagine licking or spitting into something before you could send your Bitcoins. I'm sure there'll be fingerprint Bitcoin apps at some point.
> > >
> > > Although DNA is unique (all 13 pairs), it's not guaranteed to stay the same.
> >
> > Are you saying people's DNA changes?
>
> I think I read somewhere that throughout a person's life, he has many mutations in his DNA.

Yes, a person experiences minute changes to his/her DNA throughout the course of life. Environmental mutagens, various forms of radiation, etc. Our bodies have mechanisms that do a very good job of preventing changes in our DNA, but just like the human experience, it too is imperfect.

virtualmaster
February 19, 2014, 03:29:43 PM
Devices with fingerprint scanner authentication are developed by good technicians but by a bad concept designer. It is overlooked that when authenticating with a fingerprint scanner you don't need the proper finger, just the proper fingerprint. And if a mobile phone or laptop is stolen, it will mostly have its owner's fingerprint on it too, which he maybe also uses at the entrance of his house. If he had password authentication and his password were stolen, he could change his password, but he cannot change his finger or his fingerprint.

OnkelPaul
February 19, 2014, 03:33:32 PM
I'd much prefer a simple hardware security token plus easy-to-remember transformation rule, for example "swap first and third digit, add 3 to the fourth digit (mod 10)". The token would spit out a new 6-or-8-digit number each minute, and the transformation rule must be used to find the actual password. That way, to gain access someone must steal the token and also know the transformation rule. That's not impossible to do, but is much more difficult to achieve stealthily than acquiring a fingerprint from some appropriate surface.
Of course, this is just the authentication part - you also need to have a reasonably tamper-proof computer and operating system, and the whole system must make sure that MITM attacks won't work.
Onkel Paul
(I can't help thinking of "Minority Report" whenever someone mentions iris scans...)
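
The token-plus-rule scheme from the post above, as an added example that is not part of the original thread: the server accepts only the transformed code, so the raw number read off a stolen token is rejected. Modelling the token as RFC 4226 HOTP over a one-minute counter, the drift window and the function names are assumptions; the rule is the one quoted in the post.

```python
import hashlib
import hmac
import struct

STEP = 60  # the post's token shows a new number each minute


def token_code(secret, unix_time, digits=6):
    """What the token displays: HOTP (RFC 4226) over a one-minute counter."""
    counter = struct.pack(">Q", int(unix_time) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def apply_rule(code):
    """The rule from the post: swap first and third digit,
    add 3 to the fourth digit (mod 10)."""
    d = [int(c) for c in code]
    d[0], d[2] = d[2], d[0]
    d[3] = (d[3] + 3) % 10
    return "".join(str(x) for x in d)


def verify(secret, submitted, unix_time, drift_steps=1):
    """Server side: accept the transformed code for the current minute
    or an adjacent one, because token clocks drift."""
    ok = False
    for k in range(-drift_steps, drift_steps + 1):
        t = unix_time + k * STEP
        if t < 0:
            continue
        expected = apply_rule(token_code(secret, t))
        # Constant-time comparison; no early exit on the first match.
        ok |= hmac.compare_digest(submitted.encode(), expected.encode())
    return ok


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 4226 test secret, not a real key
    shown = token_code(secret, 59)
    print("token shows:", shown, "user types:", apply_rule(shown))
    print("raw token code accepted:", verify(secret, shown, 59))
    print("transformed code accepted:", verify(secret, apply_rule(shown), 59))
```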

Aswan
February 19, 2014, 03:34:14 PM
> In my opinion, biometric technologies like Apple's Touch ID are the solution to Bitcoin hackers on major exchanges. Imagine Coinbase or Bitpay had a user-enabled feature that requires your fingerprint in order to confirm any Bitcoin transactions.
> Then, a hacker would need to get into your account, defeat two-factor authentication... and have access to your fingerprint to confirm any transaction requests.
> Obviously, this could be a user-enabled feature that conspiracy theorists or people looking to just be anonymous could opt out of.
> If Apple were to open up its Touch ID to third parties, this would be the best offering. But in the meantime, can't a website like Coinbase allow you to buy a third-party fingerprint scanner?

The German "Chaos Computer Club" once replicated the fingerprints of a well known German politician by simply taking them from a glass of water he used. They then published a usable version of the fingerprint with their magazine so everyone could use it to use that dude's fingerprints. There is even a tutorial about how to do that stuff and it's so easy. It's just not safe and can be manipulated so easily.

Rawted
February 19, 2014, 03:37:13 PM
> Devices with fingerprint scanner authentication are developed by good technicians but by a bad concept designer. It is overlooked that when authenticating with a fingerprint scanner you don't need the proper finger, just the proper fingerprint. And if a mobile phone or laptop is stolen, it will mostly have its owner's fingerprint on it too, which he maybe also uses at the entrance of his house. If he had password authentication and his password were stolen, he could change his password, but he cannot change his finger or his fingerprint.

This wouldn't be an issue. There are basically two types of scanning used, optical and CCD. Using CCD, the scan actually measures the patterns of contrasting light and dark spots of the ridges and compares them to past scans. The light used wouldn't reflect off a fingerprint's oil pattern the same way it would an actual flesh digit with ridges and valleys.

virtualmaster
February 19, 2014, 03:41:50 PM
> This wouldn't be an issue. There are basically two types of scanning used, optical and CCD. Using CCD, the scan actually measures the patterns of contrasting light and dark spots of the ridges and compares them to past scans. The light used wouldn't reflect off a fingerprint's oil pattern the same way it would an actual flesh digit with ridges and valleys.

That wouldn't be proper for women as they use hand-creams.

Rawted
February 19, 2014, 03:50:49 PM
> > This wouldn't be an issue. There are basically two types of scanning used, optical and CCD. Using CCD, the scan actually measures the patterns of contrasting light and dark spots of the ridges and compares them to past scans. The light used wouldn't reflect off a fingerprint's oil pattern the same way it would an actual flesh digit with ridges and valleys.
>
> That wouldn't be proper for women as they use hand-creams.

Sorry for that not being clear, I meant the version we would use would base the pass/fail upon the light bounced off the actual flesh ridges of a human's fingers.

Elwar
February 19, 2014, 03:59:14 PM
I have an old device that is a mini computer that requires a fingerprint scan to activate. It plugs in to your USB and uses your computer's network and monitor/keyboard without giving access to the contents of the device.
The company went out of business and the device is only compatible with old OSes. That would be ideal.

virtualmaster
February 19, 2014, 04:03:35 PM
> > > This wouldn't be an issue. There are basically two types of scanning used, optical and CCD. Using CCD, the scan actually measures the patterns of contrasting light and dark spots of the ridges and compares them to past scans. The light used wouldn't reflect off a fingerprint's oil pattern the same way it would an actual flesh digit with ridges and valleys.
> >
> > That wouldn't be proper for women as they use hand-creams.
>
> Sorry for that not being clear, I meant the version we would use would base the pass/fail upon the light bounced off the actual flesh ridges of a human's fingers.

And what is the difference between a simple fingerprint and a scanned image of a finger where the gaps between the ridges are filled with an opaque hand-cream and there are no valleys?

ChuckBuck
February 19, 2014, 04:14:40 PM
I like the idea of Biometrics as a 2 FA or 3 FA method, but what happens if a person has no hands or fingers or had it amputated! Guess iris scanning is the next evolution. Next thing we'll be pricking ourselves to give blood DNA to authenticate!

RodeoX
February 19, 2014, 04:17:48 PM
I'm not sure the technology is there yet. As an experiment I set up a fingerprint reader on my Linux ThinkPad. It was way easier than entering my long password each time. Once completed, I got bored and decided to try defeating it. Five minutes later I was in. I used clear tape to lift a print that I had blown graphite dust onto. No super glue smoke needed, just old school. I then stuck the tape to some white paper and wrapped it around any finger to be read. It opened first try.

Rawted
February 19, 2014, 04:51:31 PM
> > > > This wouldn't be an issue. There are basically two types of scanning used, optical and CCD. Using CCD, the scan actually measures the patterns of contrasting light and dark spots of the ridges and compares them to past scans. The light used wouldn't reflect off a fingerprint's oil pattern the same way it would an actual flesh digit with ridges and valleys.
> > >
> > > That wouldn't be proper for women as they use hand-creams.
> >
> > Sorry for that not being clear, I meant the version we would use would base the pass/fail upon the light bounced off the actual flesh ridges of a human's fingers.
>
> And what is the difference between a simple fingerprint and a scanned image of a finger where the gaps between the ridges are filled with an opaque hand-cream and there are no valleys?

Well lotion gets absorbed by the skin, it doesn't sit on top of it. I am positive it's not a problem like you're making it out to be. One could always wipe off their finger...

Rawted
February 19, 2014, 04:53:09 PM
> I like the idea of Biometrics as a 2 FA or 3 FA method, but what happens if a person has no hands or fingers or had it amputated! Guess iris scanning is the next evolution. Next thing we'll be pricking ourselves to give blood DNA to authenticate!

Amputees would use a different level device. They would move right into retinal/voice/laser DNA scans. Someone with glaucoma would use fingerprint/voice/laser DNA. That's the beauty of it, it's customizable to the user.

Rawted
February 19, 2014, 04:55:53 PM
> I'm not sure the technology is there yet. As an experiment I set up a fingerprint reader on my Linux ThinkPad. It was way easier than entering my long password each time. Once completed, I got bored and decided to try defeating it. Five minutes later I was in. I used clear tape to lift a print that I had blown graphite dust onto. No super glue smoke needed, just old school. I then stuck the tape to some white paper and wrapped it around any finger to be read. It opened first try.

More than likely, this was an optical scanner. A few posts back I detailed CCD scanning, which would be far more accurate and less 'hackable'. Again, the goal is to combine multiple points of authentication and not leave it to a single point of entry.

RodeoX
February 19, 2014, 06:23:06 PM
> > I'm not sure the technology is there yet. As an experiment I set up a fingerprint reader on my Linux ThinkPad. It was way easier than entering my long password each time. Once completed, I got bored and decided to try defeating it. Five minutes later I was in. I used clear tape to lift a print that I had blown graphite dust onto. No super glue smoke needed, just old school. I then stuck the tape to some white paper and wrapped it around any finger to be read. It opened first try.
>
> More than likely, this was an optical scanner. A few posts back I detailed CCD scanning, which would be far more accurate and less 'hackable'. Again, the goal is to combine multiple points of authentication and not leave it to a single point of entry.

It was indeed an optical scanner. I know much better biometric devices exist, such as eye scans or scans of the vasculature of the palm. But I can't help thinking that there is a $10 countermeasure out there somewhere. And I totally agree that layered security is the best practice.

Aswan
February 19, 2014, 06:57:04 PM
It won't ever work since the password will be written down in plain text on your finger instead of being on your mind, it's therefore less safe.