Biometric Authentication

How long before we see biometric authentication as a core feature of a forum platform?

  • One year

    Votes: 0 0.0%
  • Three years

    Votes: 3 14.3%
  • More than five years

    Votes: 18 85.7%

  • Total voters
    21

ManagerJosh

Adherent
Joined
Oct 24, 2004
Messages
331
People who run forums are sometimes untrustworthy and I hardly feel comfortable with them having my IP address and email, let alone my fingerprints & other biometric data.
But all phone manufacturers, app developers, cellular network providers and operating system providers are trustworthy?
 

we_are_borg

Administrator
Joined
Jan 25, 2011
Messages
5,384
Why does it matter? My point is forums don't need biometric authentication, message boards aren't that serious.
Well we have sites that are more then message boards the would like to have this, when its done correctly. With that i mean an API that you can access for the phone or tablet or some interface on PC, so that only a OK (login credentials and password is send) or INVALID (nothing is send only that its not the person) is transmitted back to the site.
 

LeadCrow

Apocalypse Admin
Joined
Jun 29, 2008
Messages
6,504
Websites themselves wont have that capability for at least 10 years. A native app is required to obtain and use biometric input for true authentication, no ifs, no buts.

Otherwise you're just using a password manager where your site passwords are stored, and your biometric input is only used to unlock the password manager and the site never realizes you tried to login using biometric anything.
Some hardware chips simply the credential storage but they're usually restricted to specific sites or services, a portion of whose functions are already a system component so you dont need extra apps or frameworks to handle it. It's not a perfect solution, but physical ownership of tokens is a more comfortable solution since biometric authenticators can be replaced if broken, stolen or made vulnerable and also revoked if needed.
 

Zylantex

Adherent
Joined
Nov 11, 2009
Messages
493
Just because we can do it doesn't mean we should do it.
So called progress for its own sake is a waste of effort.
 

Ryan Ashbrook

IPS Developer
Joined
Jan 26, 2004
Messages
3,514
Isn't it the device you're using (smart phone, tablet, pc/mac, microwave oven, etc.) that holds the data?
Yes, typically - these types of things typically use secure tokens to link the account and the security feature. The site would never actually hold the biometric data itself - that would be a huge security issue, up there with storing credit card information locally (if a site does that, it's doing it wrong).
 

Chris D

XenForo Developer
Joined
Aug 23, 2012
Messages
787
I'm more optimistic than some that such support will be available sooner rather than later; it just depends on when/if they'll make the relevant APIs available. It's really the same ball park as things like Apple Pay and Android Pay which can be supported by websites now with relative ease. Apple Pay specifically is even authenticated by default with your Touch ID finger print so I don't see it as being too much of a stretch to see it within a few years.
 

Gus

Enthusiast
Joined
Jan 15, 2017
Messages
158
Well we have sites that are more then message boards the would like to have this, when its done correctly. With that i mean an API that you can access for the phone or tablet or some interface on PC, so that only a OK (login credentials and password is send) or INVALID (nothing is send only that its not the person) is transmitted back to the site.
I would hope so.
 

we_are_borg

Administrator
Joined
Jan 25, 2011
Messages
5,384
I would hope so.
Well under European laws biometric information is a special information that must be protected and i mean not how a website is protected. Also if you have a break in in those systems the fines can be in the 4 to 6 figures. So unless only tokens or API is used i would never allow this on my site even if people begged me to.
 

zappaDPJ

Administrator
Joined
Aug 26, 2010
Messages
7,069
It's interesting to note the level of fear surrounding something that's taken for granted by millions of people everyday who use it to access their phones, computers, cars, bank accounts, schools, places of work... the list is endless. What's so different about accessing a forum?

I'm glad to see the developers who have responded aren't quite so worried.

I'm not so sure about biometric registration and login - not in the near future anyway. But I could see biometrics being used as the second factor in two factor authentication. That makes more sense to me as an intermediate step anyway.
I agree. No one method of authentication has proved foolproof and until that happens 2FA is imperative.

I would like to think biometrics will be active on forums within the next three to five years. I'm absolutely positive it'll be in use on other social platform long before that.
 

LeadCrow

Apocalypse Admin
Joined
Jun 29, 2008
Messages
6,504
What's so different about accessing a forum?
Servers, sites and forumware scripts get hacked all the time.

With passwords and emails as identifiers, you can shrug that and change them anytime that happens.
With fingerprints, you're cooked for life, and biometric data obtained anywhere could be used on other services (to authenticate as you, or sign you up to paid services without your permission), it only needs to be stolen once.
 

zappaDPJ

Administrator
Joined
Aug 26, 2010
Messages
7,069
Servers, sites and forumware scripts get hacked all the time.

With passwords and emails as identifiers, you can shrug that and change them anytime that happens.
With fingerprints, you're cooked for life, and biometric data obtained anywhere could be used on other services (to authenticate as you, or sign you up to paid services without your permission), it only needs to be stolen once.
All valid points but biometric technology is still seen as streets ahead in terms of security and it's improving all the time. Personally I'm not particularly worried about the scenario you've described even though I think it's valid. I'm far more concerned about the implications for privacy. The potential for misuse, particularly by government agencies is worrying.
 

Chris D

XenForo Developer
Joined
Aug 23, 2012
Messages
787
Servers, sites and forumware scripts get hacked all the time.

With passwords and emails as identifiers, you can shrug that and change them anytime that happens.
With fingerprints, you're cooked for life, and biometric data obtained anywhere could be used on other services (to authenticate as you, or sign you up to paid services without your permission), it only needs to be stolen once.
It needs to be stressed that of course no forum software developer would ever want to directly store any biometric information belonging to their customers/users. It's just an insane notion. It's tantamount to storing passwords in plain text or storing credit card information (but worse, as you noted). It just wouldn't happen.

I'm sure I speak for all of the other forum software developers when I say that it would only be a feasible inclusion if it was some sort of web API provided by the device manufacturer, much like Apple or Android Pay, where the process is handled via secure tokens or some sort of OAuth style approach where there's no need for the software to receive or store anything that anywhere near resembles the actual raw biometric input.

To me it seems perfectly feasible for the future, and I'm fully confident that kind of approach would be 100% safe.
 

Ryan Ashbrook

IPS Developer
Joined
Jan 26, 2004
Messages
3,514
I'm sure I speak for all of the other forum software developers when I say that it would only be a feasible inclusion if it was some sort of web API provided by the device manufacturer, much like Apple or Android Pay, where the process is handled via secure tokens or some sort of OAuth style approach where there's no need for the software to receive or store anything that anywhere near resembles the actual raw biometric input.
Agreed.
 

fixer

I'm In My Prime
Joined
Jan 28, 2010
Messages
2,061
why i bought gunring.com on the godaddy auction house

soon police will wear rings mated to thier guns to prevent someone else from disarming them and using it against them

finger print on an iphone should be implemented for forum log on i think thats pretty cool
 

R0binHood

Habitué
Joined
Nov 23, 2011
Messages
1,339
You can apparently already get it integrated if you get a GoNative Mobile App Wrapper for your forum. Seems a tad pricey though!

https://gonative.io/pricing

Touch ID / Fingerprint Authentication
Custom development integrates iOS Touch ID and Android Fingerprint Authentication into your app. Quotes start at $2,500 per platform. Request more information
I love the TouchID authentication on the Amazon app.
 
Top