undefined | Better HN

0 pointsNeedMoreTea6y ago0 comments

They don't do the same thing. All the flaws in passwords can be avoided, the semi-public state of biometrics cannot.

Authenticating access, if you follow standard security practice, should be at least two of, and preferably all three of: something you know, something you have, something you are. Not one or more.

0 comments

kortilla6y ago

There is no axiom that the flaws of biometrics cannot be avoided. “Something you know” is in fact a biometric property of the brain that can easily be transferred.

Touch ID combines something you have with something you are. It’s easily better for 99.9% of the threats out there that result from weak passwords shares across sites and users trained to type them into anything that resembles the real logon page.

j / k navigate · click thread line to collapse

0 pointsNeedMoreTea6y ago0 comments

They don't do the same thing. All the flaws in passwords can be avoided, the semi-public state of biometrics cannot.

0 comments

kortilla6y ago

There is no axiom that the flaws of biometrics cannot be avoided. “Something you know” is in fact a biometric property of the brain that can easily be transferred.

j / k navigate · click thread line to collapse