No Surprise to See Those People Being So Careless in Security
Today’s topic is this BBC report: “Apple AirTags ‘A perfect tool for stalking’”
It comes as no surprise, because we know that their TouchID and FaceID, deployed with a default pincode, are a very useful tool for criminals, and they appear to be indifferent to this issue. Specifically,
* Biometrics is probabilistic; it measures unpredictably variable body features of living animals in ever-changing environments.
* Biometrics does not escape the trade-off between False Acceptance (False Match/False Positive) and False Rejection (False Non-Match/False Negative).
* The presence of False Rejection forces a fallback measure to be pre-provided in case the correct user gets rejected.
* Biometrics and a fallback measure have to be used together in a ‘multi-entrance’ deployment, as opposed to a ‘multi-layer’ deployment. The former increases the attack surface (= brings down defense), while the latter decreases it (= brings up defense).
* Unless the default pincode is disabled so that it cannot serve as a fallback measure (with availability sacrificed), the overall security is lower than that of the default pincode used on its own.
As such, the problem is not that biometrics is less secure than it is claimed to be, but that biometrics destroys the defense that the default pincode would otherwise have provided.
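The comparison in the list above can be worked through numerically. The following is an added example, not code from the original post: it assumes the two factors fail independently, and the pincode and biometric figures are constructed values, not measurements of any product.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Factor:
    far: float  # chance an impostor is accepted (False Acceptance)
    frr: float  # chance the correct user is rejected (False Rejection)

# Assumption: the two factors fail independently of each other.
def multi_entrance(a: Factor, b: Factor) -> Factor:
    """Either factor opens the door (OR): biometrics with a pincode fallback."""
    return Factor(far=1 - (1 - a.far) * (1 - b.far), frr=a.frr * b.frr)

def multi_layer(a: Factor, b: Factor) -> Factor:
    """Both factors must pass (AND): no fallback, so availability suffers."""
    return Factor(far=a.far * b.far, frr=1 - (1 - a.frr) * (1 - b.frr))

# Constructed figures, not measurements of any product.
PINCODE = Factor(far=1e-4, frr=0.01)
# Constructed operating points along one sensor's FAR/FRR trade-off curve.
BIOMETRIC_POINTS = [Factor(1e-3, 0.01), Factor(1e-4, 0.03), Factor(1e-6, 0.10)]

def compare(pin=PINCODE, points=BIOMETRIC_POINTS):
    """Return (biometric, multi-entrance, multi-layer) per operating point."""
    return [(bio, multi_entrance(bio, pin), multi_layer(bio, pin))
            for bio in points]

if __name__ == "__main__":
    print(f"pincode alone: FAR={PINCODE.far:.2e} FRR={PINCODE.frr:.2e}")
    for bio, either, both in compare():
        print(f"bio FAR={bio.far:.0e} FRR={bio.frr:.2f} | "
              f"entrance FAR={either.far:.3e} FRR={either.frr:.2e} | "
              f"layer FAR={both.far:.1e} FRR={both.frr:.3f}")
```

At every operating point the multi-entrance false acceptance rate stays above that of the pincode alone, however strict the biometric threshold is set; only the multi-layer combination lowers it, and it pays with a higher false rejection rate.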
More is available at “Biometrics is to Password what Back door is to Front door”
More writings are posted at “Comments Posted since January 2021 on Digital Identity”