Biometrics were never authentication tokens. They were identity tokens. Authentication tokens are secret and replaceable, and your fingerprints (your retina, your iris, and so on) are neither.
When you authenticate something even slightly sensitive with biometrics, you’re doing it wrong.
The right way to do it is to identify with biometrics, and then authenticate with a proper security token, which is secret.
Falkvinge: Once more, with passion: Fingerprints suck as passwords »
No comments yet.