> Perfect: A human guard manually taking a fingerprint reading. Can't be beat because the guard can obviously see that it's not really your hand.
Well, the argument some people are making is that this might be no better than a human checking your ID. Yes, there the guard can verify that there is some real human there, but both the ID and the fingerprint could be faked (e.g. a fake fingertip mold which matches the victim's "known" fingerprint).
We're talking about a guard who physically takes your hand, inspects it, and puts your finger in ink, and then compares that to the prints they have on file. This is exactly the protocol that's used by the police and military when taking prints.
So wear fingerless gloves and social engineer a little bit (it's cold, it's winter, I have bad circulation, etc). If you think having a human guard makes a system infallible, I have some bad news for you.
Oh lord, this is firmly off that point. An alert motivated human looking for fakes can identify them with nigh perfect accuracy. This means that it should be possible to build an autonomous system that can do the same which is the goal of biometric auth systems. There is nothing that fundamentally breaks biometric auth until you can burn fingerprints on someone or replace eyes or gene therapy new DNA or whatever. And even then that’s pretty damn strong.
Exactly, every keeps going on about magic social engineering attacks without providing details.
Anyone who has had their fingerprints taken by the FBI knows that there is a solid procedure that will detect fakes. The idea is to replicate this near perfection, not bolt on some revocation system for fingerprints (ouch!)
Well, the argument some people are making is that this might be no better than a human checking your ID. Yes, there the guard can verify that there is some real human there, but both the ID and the fingerprint could be faked (e.g. a fake fingertip mold which matches the victim's "known" fingerprint).