Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 

The Security of You

By Steve Jones,

This editorial was originally published on Nov 10, 2008. It is being re-run as Steve is at SQL Bits.

I've written about biometrics in the past and even polled you about your concerns with this data v credit card data. Surprisingly most people felt that credit card data was more of an issue.

There is a report on CNet that some people are concerned about the security of this data, which makes sense given the way that much of our data has been treated over the last few years. I haven't seen any reports of biometric data being copied, but I'm sure that's a matter of time. It seems to be some type of corollary to Murphy's Law, call it the Jones Observation: If we can store data, someone can copy it.

Biometric data sounds really, really cool, and I know there are all sorts of ways that it can be secured, that we can scan multiple parts of your body in case you lose a finger, get a sore throat, have a few too many adult beverages the night before, etc. However the fundamental problem isn't false positives, and it's not false negatives.

It's the fundamental inability of any organization of any size to be sure that the data they stored is still the data that's there. This is going to be one place that it will pay to somehow replace the digital representation of your finger with a criminals, giving him the access to whatever you're protecting. And when he can't remember the password or PIN, the "second factor" in authentication, I'm sure that someone will be happy to verify his fingerprints and then reset the password for him.

It sounds like a good idea to biometrically verify people's identity, and it looks cool in the movies when those computers remember who you are. But in practice it doesn't work well, probably never will, and it will be an area that mistakes, serious mistakes can be hard to correct because people will have so much faith that those 1s and 0s really do represent you.

ID cards and pass codes are fallible; I completely agree with that. But we KNOW they're fallible and so we accept some issues and we don't necessarily trust them, at least not in very secure places. However I think we're just naturally going to believe more in biometrics, something I'm not sure is a good idea. I know that if I have to start using these, I'm going to want to some escrow of my digital representations, just in case there are problems.

Steve Jones


The Voice of the DBA Podcasts

Everyday Jones

The podcast feeds are now available at sqlservercentral.mevio.com to get better bandwidth and maybe a little more exposure :). Comments are definitely appreciated and wanted, and you can get feeds from there.

Overall RSS Feed: or now on iTunes!

Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.

I really appreciate and value feedback on the podcasts. Let us know what you like, don't like, or even send in ideas for the show. If you'd like to comment, post something here. The boss will be sure to read it.

Total article views: 185 | Views in the last 30 days: 1
 
Related Articles
ARTICLE

Podcast Announcements

Podcast Feeds

BLOG

Podcasting

A new video setup is on the way!!!! Actually I'll do a couple podcasts on podcasting over the hol...

BLOG

Technical Podcasts I Listen To

There are a few podcasts I tend to listen to as I have time. Since I work with a wide...

ARTICLE

Treat People Like People

Steve Jones thinks that the Millennials have the right approach to work. There are many things that ...

FORUM

Podcast Problem

Podcast Problem Blocked by group policy

Tags
biometrics    
editorial    
security    
 
Contribute

Join the most active online SQL Server Community

SQL knowledge, delivered daily, free:

Email address:  

You make SSC a better place

As a member of SQLServerCentral, you get free access to loads of fresh content: thousands of articles and SQL scripts, a library of free eBooks, a weekly database news roundup, a great Q & A platform… And it’s our huge, buzzing community of SQL Server Professionals that makes it such a success.

Join us!

Steve Jones
Editor, SQLServerCentral.com

Already a member? Jump in:

Email address:   Password:   Remember me: Forgotten your password?
Steve Jones