Biometrics Direct - Your source for fingerprint biometric security products for home and business.  Biometric door locks, fingerprint USB security and PC biometric login

View Cart | Home | Support | News | Policies | Resellers | Contact Us | Sitemap |  

Contact Us Toll Free in the USA - 1-800-519-8800
Direct and International Support - +1 206-973-2137

 
Home Products iQBioBlog Where to Buy Support Smart Cards Card Printing ID Cardz ASG Global
Biometrics Direct - Your Source for Fingerprint Biometric Security Products for Home, Travel and Office
iQBio - "Unlock the Power of Your Print"
 
 


Site Navigation
 
 

Physical Access Control
iGuard IP Appliance

PC & Network Access
BioCert PC Peripherals
ACS Smart Card

Developer Products
ACS Development Kits
- Smart Cards
- Smart Card & Bio

Biometric Solutions
Time/Attendance

Other Products
ACS Smart Cards
Smart Card Supply
Card Five ID Software
PVC ID Card Products
Pebble ID Printer
Quantum PVC Printer
DNP Reverse Printers
IDCardz.com

Biometrics Education
Biometrics FAQ
Biometric Terms
Biometrics 101
US Biometrics Laws
Mythbusted?
Your Data in the Wild
2006 Data Breaches
2007 Data Breaches

Personal Privacy Risk
Biometrics Links

 
 

 Kall8
Toll Free & Int'l VOIP
with "Follow Me" Service

 

 

November 25, 2006
By James Childers

With the recent events in the press and the publicity surrounding the "Mythbusters test" regarding the Defeat of a Biometric Security Systems (Again), I felt it was important to discuss the events surrounding these successful attempt to defeat specific biometric products. 

For those of you that don't know, Mythbusters is a television program on the Discovery Channel that features a couple of intrepid Hollywood special effects gurus that "take on" current myths of the day and try to prove or disprove the basis of the myth.  I must say that as an avid fan of the MythBusters television show, I was intrigued by the very thought of Biometric Technology being tested by these two. 

Over the years there have been several media reports, studies and other documentaries about "The Defeat of Biometrics" and I have some very well known opinions about this premise.  You can read an article that I wrote in June of 2002 that discussed the topic of "Biometrics in the Real World" where I clearly state my opinions on the subject and offer some advise on implementing a Biometric Security System. 

These same theories that I espoused over 4 years ago still hold true today and I am happy to say that YES I am glad that Adam Savage and Jamie Hyneman have brought some sense of reality to this industry that has for too long said "my product can't be broken or my biometric system can't be defeated".  It's time for sanity to prevail in this argument about security systems and how easy it is or is not to break a biometric system.

There is even an entry in the modern cultural lexicon, Wikipedia discussing this topic.  Wikipedia.org is a collectively updated and verified web encyclopedia. 

"Recently the television program Mythbusters attempted to break into a commercial security door equipped with biometric authentication as well as a personal laptop so equipped. The results were shocking as they were able to easily defeat the technology with not one, but all of the different techniques they used. The most eye-opening was their quick success with a simple photocopy of a fingerprint. That the technology was so easily undermined strongly suggests that biometrics, in its present form, cannot yet be considered a strong form of authentication. (Wikipedia.org)"

OK, now with that out of the way, let's discuss WHY this happened and WHY there is no such thing as a perfect security system.

Rule Number One - There is no impervious security system on the planet.  There never will be.
 

 

Rule Number Two - When a vendor tells you that there system is completely unbreakable - they lie.  Nothing is unbreakable.

 

See Rule Number ONE.
 

 

Security System Types (Factors) -

Biometric - Biometry Based (Who you are)
Password or Pin - Knowledge Based (What you know)
Keys or Tokens - Possession Based (What you have)

Biometric Systems -

Single Factor Authentication (SFA) - asks the question and grants access based upon "who is this person?".  A SINGLE form of authentication is used to grant access based upon IDENTIFICATION.

Multi-Factor Authentication (MFA) - asks the question and grants access based upon "is this person whom they claim to be?"  By using a statement of user identity (Card, PIN, Password or other token) and then authenticating access based upon VERIFICATION of this identity.

Single Factor Authentication (SFA) is considered weak security no matter what the factor.  Several unscrupulous biometrics vendors (mostly off-shore in origin) are vigorously promoting their single factor systems as unbreakable, live sensing, blah, blah, blah...

There is no system on the planet that cannot be beaten.  Passwords can be guessed, tokens can be stolen, and yes Virginia, while there is a Santa Claus, there is no free ride in the security world.  Biometrics can be spoofed.  Any time you trust something important to a single factor authentication system, the risks should reflect the security level and never use this as your only line of security. 

  • Are SFA biometric systems more secure than a password? - most often times yes. 
  • Are SFA biometric systems more secure than a key based system that can be readily copied, shared or lost? - Again a resounding YES.
  • Are MFA (VERIFICATION) systems more reliable than SFA (IDENTIFICATION) systems? - ALWAYS.

Biometrics have firmly taken a solid place in security practices, however they should however NEVER be your ONLY security method if you are protecting highly valuable or sensitive information or facilities.  Alarm systems, monitoring and recording systems, biometric systems and good security practices should all go hand-in-hand based upon the level of security required.  Remember, your mileage may vary and treat EVERY system as if it were capable of being compromised.

Our premiere access control solution for small business, the Lucky Technology iGuard is a VERIFICATION system.

Thank you for your time and consideration.

James Childers
CEO iQBio, Inc.
Intelligent Biometric Solutions

If you have any other questions you would like answered here or in our Blogs, please email me at james@iqbio.net with the subject line - "I want to know"...
 

 
 
Copyright © 2002-20012 Artemis Solutions Group, Use of this site or purchase subject to these Terms and Conditions of use.
Some images used on this website are Copyright (c) Comstock and used under license.