
Topic: Ledger Integrates Biometric Authentication (Read 1095 times)

sr. member
Activity: 266
Merit: 250
June 20, 2015, 10:53:03 AM
#21
Biometric authentication can be easily bypassed. It would be recommended to use a combination of both a pass code along with biometrics.
hero member
Activity: 700
Merit: 501
I love biometrics; whenever I have to use anything biometric it feels like ultimate security. I was just wondering if anyone has seen DNA biometric authentication?

It "feels" really cool to put your finger and get it scanned to unlock your phone, but would you trust a lot of money to it instead of classical cryptographic algorithms?
legendary
Activity: 1596
Merit: 1005
★Nitrogensports.eu★
I love biometrics; whenever I have to use anything biometric it feels like ultimate security. I was just wondering if anyone has seen DNA biometric authentication?
Maybe in the future, when scientists improve it, it will be a good idea to use services like Biometric Authentication. But for now this system is rather misleading with its promise of total security.
Portable DNA scanners are a song of the future. And even then I am afraid it will be exploitable tech. Now you can simply photograph your fingerprint and cheat the scanner.
In the future someone could grab a sample of your DNA and use it to get access to your account. How will that problem be fixed?
legendary
Activity: 3248
Merit: 1070
Biometrics can be cracked easily; they should provide retina plus movements of your eye (that follow a specific path) at the very least, or something else.

You can find plenty of examples on the web that show this:

http://9to5mac.com/2013/09/22/biometrics-hacking-team-uses-photographed-fingerprint-to-get-past-touch-id/
legendary
Activity: 1036
Merit: 1000
Thug for life!
I love biometrics; whenever I have to use anything biometric it feels like ultimate security. I was just wondering if anyone has seen DNA biometric authentication?
hero member
Activity: 623
Merit: 500
CTO, Ledger
Again, Ledger CTO here. Yes, we won't use biometrics because the cost of doing it correctly is definitely not worth the benefits. And when not done correctly, it can create a persistent liability for the user.

Just considering fingerprints, the most common one today: first, you want a good quality sensor to collect your fingerprints (otherwise, this can be fooled by a fake finger, gummy bear or whatever) - most consumer grade products fail right there. Then, you want to connect it securely to your matching logic (otherwise, every malware or physical attack can reveal your digital fingerprints; again, you don't want that to happen since it's complicated to revoke a finger without chopping it off, and a digital fingerprint can be a great way to fake authentication into other brittle systems). Finally, you want a secure, fast and reliable matching logic (secure for the same reasons as before, fast and reliable because the user experience is going to suck otherwise).

Apple actually does most parts right as described in https://www.apple.com/business/docs/iOS_Security_Guide.pdf - but that's more the exception than the norm, and of course the generic consumer grade sensor is still bad.

Quote
The Secure Enclave is responsible for processing fingerprint data from the Touch ID
sensor, determining if there is a match against registered fingerprints, and then
enabling access or purchases on behalf of the user. Communication between the
processor and the Touch ID sensor takes place over a serial peripheral interface
bus. The processor forwards the data to the Secure Enclave but cannot read it. It’s
encrypted and authenticated with a session key that is negotiated using the device’s
shared key that is provisioned for the Touch ID sensor and the Secure Enclave. The
session key exchange uses AES key wrapping with both sides providing a random
key that establishes the session key and uses AES-CCM transport encryption.

You'll have similar requirements for other biometrics - good sensor, secure pairing with the matching logic, secure, fast and reliable matching logic. Also matching logics are complex and highly proprietary, which doesn't really fit that well into Bitcoin decentralized and trustless design either. It's quite difficult to be able to evaluate yourself how snake oilish it really is - for a good laugh, just ask your local fingerprint solutions vendor how the matching algorithm works, or even how minutiae are encoded.
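The "connect the sensor securely to the matching logic" requirement from the post above, modelled on the quoted description (wrapped random keys from both sides, then AES-CCM transport), as an added example that is not part of the original thread and is not Apple's or Ledger's code. The way the two random keys are combined, the counter-based nonce, the direction label and all function names are assumptions for illustration, and the sample frame is constructed.

```javascript
// Simplified sensor <-> matcher channel; the host CPU only forwards opaque bytes.
const { createCipheriv, createDecipheriv, createHash, randomBytes } = require('node:crypto');

const WRAP_IV = Buffer.from('a6a6a6a6a6a6a6a6', 'hex'); // RFC 3394 default IV
const AAD = Buffer.from('sensor->matcher');              // binds direction (assumption)

// AES key wrap of a 16-byte random contribution under the provisioned shared key.
const wrap = (kek, key) => createCipheriv('aes128-wrap', kek, WRAP_IV).update(key);
const unwrap = (kek, blob) => createDecipheriv('aes128-wrap', kek, WRAP_IV).update(blob);

// Assumption: session key = first 16 bytes of SHA-256(sensorRand || matcherRand).
const deriveSession = (s, m) => createHash('sha256').update(s).update(m).digest().subarray(0, 16);

// 12-byte CCM nonce built from a strictly increasing frame counter (assumption).
const nonceFor = (counter) => { const n = Buffer.alloc(12); n.writeUInt32BE(counter, 8); return n; };

// Sensor side: encrypt and authenticate one frame with AES-CCM.
function sealFrame(key, counter, frame) {
  const c = createCipheriv('aes-128-ccm', key, nonceFor(counter), { authTagLength: 16 });
  c.setAAD(AAD, { plaintextLength: frame.length });
  const ct = Buffer.concat([c.update(frame), c.final()]);
  return { counter, ct, tag: c.getAuthTag() };
}

// Matcher side: returns the frame, or null when replayed or modified in transit.
function openFrame(key, lastCounter, msg) {
  if (msg.counter <= lastCounter) return null;
  try {
    const d = createDecipheriv('aes-128-ccm', key, nonceFor(msg.counter), { authTagLength: 16 });
    d.setAuthTag(msg.tag);
    d.setAAD(AAD, { plaintextLength: msg.ct.length });
    return Buffer.concat([d.update(msg.ct), d.final()]);
  } catch { return null; }
}

function demo() {
  const shared = randomBytes(16);                        // provisioned in both parts
  const sRand = randomBytes(16), mRand = randomBytes(16);
  const toMatcher = wrap(shared, sRand), toSensor = wrap(shared, mRand); // via host CPU
  const kSensor = deriveSession(sRand, unwrap(shared, toSensor));
  const kMatcher = deriveSession(unwrap(shared, toMatcher), mRand);
  const msg = sealFrame(kSensor, 1, Buffer.from('constructed fingerprint frame'));
  const flipped = { ...msg, ct: Buffer.from(msg.ct) };
  flipped.ct[0] ^= 1;                                    // one bit changed in transit
  return { keysMatch: kSensor.equals(kMatcher), wrappedLen: toMatcher.length,
    opened: openFrame(kMatcher, 0, msg).toString(),
    tampered: openFrame(kMatcher, 0, flipped), replayed: openFrame(kMatcher, 1, msg) };
}
```

The host in the middle sees only the 24-byte wrapped keys and the CCM ciphertext, so a modified or replayed frame is rejected by the matcher instead of being compared against enrolled templates.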
legendary
Activity: 1904
Merit: 1074
We used to have some fingerprint scanners at work, and the people figured out how to bypass them. They used common office supplies to duplicate/copy the fingerprint pattern and they got past it.

When we bought these devices, the supplier made bold claims... "If you cut off a finger, it will not work... da da da..."

We brought them back... showed them what the people did, and they refunded us. We now use a combination of retina scanner / CCTV and passwords... with a 100% success.

There are holes in any system... just try to eliminate as many as possible. ;)
GTA
member
Activity: 90
Merit: 10
Simple biometric is nice for sci-fi movies, but in reality it is a very bad idea.  I can change a password in seconds, but I can never change my fingerprints.  Maybe there is some way for it to track a better biometric, but since none of them can be changed like a password, I see this more as a gimmick than an actual good security measure.

Yeah, but you probably could use a different finger :)
hero member
Activity: 672
Merit: 503
I have a mate that got the Galaxy S5 and he managed to reverse engineer the fingertip thing that authenticates you as the owner to gain control of it, these things aren't advanced enough to gamble with your BTCs imo.
legendary
Activity: 1120
Merit: 1000
Is this real? I hadn't seen it, and I feel this is exciting. It will add more security to our bitcoins.
hero member
Activity: 588
Merit: 500
Fingerprint tech is still unstable, unfortunately; it has a long way to go before usability.
newbie
Activity: 56
Merit: 0
I think they should adopt biometrics on mobile phone wallet apps as well. I don't think people should rely solely on it, but with your password and things like Google Authenticator etc. it adds another layer of well-needed security.
legendary
Activity: 1512
Merit: 1012
Too bad they won't adopt fingerprint tech... Since they won't, I'll be waiting around for retina scan technology :D
M8
newbie
Activity: 57
Merit: 0
Most fingerprint readers can be easily tricked with very simple techniques. The newest upcoming technology might be more secure, but I think it will soon be cracked if it hasn't already. If I had a Bitcoin hardware wallet I wouldn't trust any form of biometrics to secure it because most of them have already been broken.

I'm sure it can be easily fooled, but it's great as a 3-factor option. Unlikely someone at the other side of the world is going to be able to lift your fingerprint off something as well.
hero member
Activity: 700
Merit: 501
Most fingerprint readers can be easily tricked with very simple techniques. The newest upcoming technology might be more secure, but I think it will soon be cracked if it hasn't already. If I had a Bitcoin hardware wallet I wouldn't trust any form of biometrics to secure it because most of them have already been broken.

I don't trust biometrics myself. Nothing is better than a 20+ character phrase with a couple of uncommon signs; you know you are safe for a lifetime if the algorithm is decent, such as SHA256, but who knows what they can come up with to compromise biometric type security.
sr. member
Activity: 336
Merit: 251
There will be no biometrics.... See reply posted below the article


Quote
Nicolas Bacca
Ledger CTO here.

We absolutely won't do that - but it's ok, this is a slight misinterpretation of what we posted, and a very common one. For some reason, FIDO is associated with biometrics, because biometrics supporters have been very vocal in this group - but it's "just" a common authentication standard, with a lot of ways to identify the user locally on the device itself.

We'll be supporting FIDO because we think that it's important to get rid of passwords with standard and interoperable protocols, rather than having the user install one different application or own one different device per service.

But we absolutely won't do it with biometrics. Just with a regular PIN, entered on the device itself, which complies with FIDO requirements.

That picture is pretty cool though :)
hero member
Activity: 686
Merit: 500
Ledger Integrates Biometric Authentication

The next generation of Ledger, a smartchip-based Bitcoin hardware wallet similar to Trezor, will be compatible
with the authentication features of Fido Alliance – namely external dongles and fingerprint readers.

For details, please continue reading...

If they are counting on using simply fingerprints then this can be easily tricked, as the users above said. They need to make something more secure, like that eye recognition or whatever its name is, like Nokia are planning to do on their phones soon, or finger vein pattern, which is obviously the future: https://www.youtube.com/watch?v=GOWD9_vj75I
But it's still a good idea and something more for security, I guess. When is it going to be available, btw?
sr. member
Activity: 336
Merit: 251
There will be no biometrics.... See reply posted below the article


Quote
Nicolas Bacca
Ledger CTO here.

We absolutely won't do that - but it's ok, this is a slight misinterpretation of what we posted, and a very common one. For some reason, FIDO is associated with biometrics, because biometrics supporters have been very vocal in this group - but it's "just" a common authentication standard, with a lot of ways to identify the user locally on the device itself.

We'll be supporting FIDO because we think that it's important to get rid of passwords with standard and interoperable protocols, rather than having the user install one different application or own one different device per service.

But we absolutely won't do it with biometrics. Just with a regular PIN, entered on the device itself, which complies with FIDO requirements.

That picture is pretty cool though :)
sr. member
Activity: 322
Merit: 250
Simple biometric is nice for sci-fi movies, but in reality it is a very bad idea.  I can change a password in seconds, but I can never change my fingerprints.  Maybe there is some way for it to track a better biometric, but since none of them can be changed like a password, I see this more as a gimmick than an actual good security measure.
legendary
Activity: 2772
Merit: 2846
Most fingerprint readers can be easily tricked with very simple techniques. The newest upcoming technology might be more secure, but I think it will soon be cracked if it hasn't already. If I had a Bitcoin hardware wallet I wouldn't trust any form of biometrics to secure it because most of them have already been broken.