To: BelowTheCrowd who wrote (8579 ) 5/28/2002 5:50:55 PM From: David Respond to The scenario actually assumes a low level of security. For instance, a person enrolling fingerprints can (at least with IDNX software) enroll eight fingers. It is not much to ask the software to then call for a specific finger to be placed. That instantly drops the chances of intruder success by almost 90%. If the software asks for two fingers (a higher level of security), the Japanese hack opportunity drops a lot further. In addition, the biometric companies have long had other "false finger" protections, such as electrical resistance, temperature and pulse. Hacking through what I've described is not going to be very fruitful, especially if you are only allowed a few tries before a lockout. In a point-of-sale or police scenario, no one is going to get away with a gummi finger. In a physical access control point or IT application, layering the biometric with even a PIN (let alone some other biometric) will raise the access bar to a very high point. Notice how breaking into a smart card biometric now requires both stealing the token and finding a liftable print (and, I imagine, also guessing the PIN). It will be simpler just to resort to bribery, which always works no matter what your security system. Inside jobs are inside jobs.
