- Joined
- Oct 24, 2004
- Messages
- 344
But all phone manufacturers, app developers, cellular network providers and operating system providers are trustworthy?
Biometric Authentication
- Thread starter zappaDPJ
- Start date
But all phone manufacturers, app developers, cellular network providers and operating system providers are trustworthy?
- Joined
- Feb 27, 2013
- Messages
- 450
Where is the option "hopefully never"? 
- Joined
- Oct 24, 2004
- Messages
- 344
More than a forum owner.
Why trust an app developer more than a forum owner?
Why does it matter? My point is forums don't need biometric authentication, message boards aren't that serious.
- Joined
- Jan 25, 2011
- Messages
- 5,964
Well we have sites that are more then message boards the would like to have this, when its done correctly. With that i mean an API that you can access for the phone or tablet or some interface on PC, so that only a OK (login credentials and password is send) or INVALID (nothing is send only that its not the person) is transmitted back to the site.
- Joined
- Jun 29, 2008
- Messages
- 6,818
Websites themselves wont have that capability for at least 10 years. A native app is required to obtain and use biometric input for true authentication, no ifs, no buts.
Otherwise you're just using a password manager where your site passwords are stored, and your biometric input is only used to unlock the password manager and the site never realizes you tried to login using biometric anything.
Some hardware chips simply the credential storage but they're usually restricted to specific sites or services, a portion of whose functions are already a system component so you dont need extra apps or frameworks to handle it. It's not a perfect solution, but physical ownership of tokens is a more comfortable solution since biometric authenticators can be replaced if broken, stolen or made vulnerable and also revoked if needed.
Otherwise you're just using a password manager where your site passwords are stored, and your biometric input is only used to unlock the password manager and the site never realizes you tried to login using biometric anything.
Some hardware chips simply the credential storage but they're usually restricted to specific sites or services, a portion of whose functions are already a system component so you dont need extra apps or frameworks to handle it. It's not a perfect solution, but physical ownership of tokens is a more comfortable solution since biometric authenticators can be replaced if broken, stolen or made vulnerable and also revoked if needed.
- Joined
- Nov 11, 2009
- Messages
- 492
Just because we can do it doesn't mean we should do it.
So called progress for its own sake is a waste of effort.
So called progress for its own sake is a waste of effort.
- Joined
- Jan 26, 2004
- Messages
- 3,571
Yes, typically - these types of things typically use secure tokens to link the account and the security feature. The site would never actually hold the biometric data itself - that would be a huge security issue, up there with storing credit card information locally (if a site does that, it's doing it wrong).
- Joined
- Aug 23, 2012
- Messages
- 873
I'm more optimistic than some that such support will be available sooner rather than later; it just depends on when/if they'll make the relevant APIs available. It's really the same ball park as things like Apple Pay and Android Pay which can be supported by websites now with relative ease. Apple Pay specifically is even authenticated by default with your Touch ID finger print so I don't see it as being too much of a stretch to see it within a few years.
I would hope so.
- Joined
- Jan 25, 2011
- Messages
- 5,964
Well under European laws biometric information is a special information that must be protected and i mean not how a website is protected. Also if you have a break in in those systems the fines can be in the 4 to 6 figures. So unless only tokens or API is used i would never allow this on my site even if people begged me to.
- Thread starter
- Moderator
- #33
- Joined
- Aug 26, 2010
- Messages
- 8,450
It's interesting to note the level of fear surrounding something that's taken for granted by millions of people everyday who use it to access their phones, computers, cars, bank accounts, schools, places of work... the list is endless. What's so different about accessing a forum?
I'm glad to see the developers who have responded aren't quite so worried.
I agree. No one method of authentication has proved foolproof and until that happens 2FA is imperative.
I would like to think biometrics will be active on forums within the next three to five years. I'm absolutely positive it'll be in use on other social platform long before that.
I'm glad to see the developers who have responded aren't quite so worried.
I agree. No one method of authentication has proved foolproof and until that happens 2FA is imperative.
I would like to think biometrics will be active on forums within the next three to five years. I'm absolutely positive it'll be in use on other social platform long before that.
- Joined
- Jun 29, 2008
- Messages
- 6,818
Servers, sites and forumware scripts get hacked all the time.
With passwords and emails as identifiers, you can shrug that and change them anytime that happens.
With fingerprints, you're cooked for life, and biometric data obtained anywhere could be used on other services (to authenticate as you, or sign you up to paid services without your permission), it only needs to be stolen once.
- Thread starter
- Moderator
- #35
- Joined
- Aug 26, 2010
- Messages
- 8,450
All valid points but biometric technology is still seen as streets ahead in terms of security and it's improving all the time. Personally I'm not particularly worried about the scenario you've described even though I think it's valid. I'm far more concerned about the implications for privacy. The potential for misuse, particularly by government agencies is worrying.
- Joined
- Aug 23, 2012
- Messages
- 873
It needs to be stressed that of course no forum software developer would ever want to directly store any biometric information belonging to their customers/users. It's just an insane notion. It's tantamount to storing passwords in plain text or storing credit card information (but worse, as you noted). It just wouldn't happen.
I'm sure I speak for all of the other forum software developers when I say that it would only be a feasible inclusion if it was some sort of web API provided by the device manufacturer, much like Apple or Android Pay, where the process is handled via secure tokens or some sort of OAuth style approach where there's no need for the software to receive or store anything that anywhere near resembles the actual raw biometric input.
To me it seems perfectly feasible for the future, and I'm fully confident that kind of approach would be 100% safe.
- Joined
- Jan 26, 2004
- Messages
- 3,571
Agreed.
- Joined
- Mar 1, 2010
- Messages
- 623
Biometric authentication while using Brivium add-ons?
- Joined
- Jan 28, 2010
- Messages
- 2,054
why i bought gunring.com on the godaddy auction house
soon police will wear rings mated to thier guns to prevent someone else from disarming them and using it against them
finger print on an iphone should be implemented for forum log on i think thats pretty cool
soon police will wear rings mated to thier guns to prevent someone else from disarming them and using it against them
finger print on an iphone should be implemented for forum log on i think thats pretty cool
- Joined
- Nov 23, 2011
- Messages
- 1,606
You can apparently already get it integrated if you get a GoNative Mobile App Wrapper for your forum. Seems a tad pricey though!
https://gonative.io/pricing
I love the TouchID authentication on the Amazon app.
https://gonative.io/pricing
I love the TouchID authentication on the Amazon app.