
Give biometrics the FINGER: Horror tales from the ENCRYPT

Le FREAK? C’est chic!

Arghhhh... my... fingers

Apologies for stating the bleeding obvious, but when your password gets stolen, you just think up a new one; but once your biometric data is in the wild, there’s not much you can do other than dip your fingers in acid, gargle with brickdust or get a facelift. Surely what we need is a biometric check on something that (1) generally remains out of sight, (2) can’t be conveniently faked, and (3) gradually alters by itself naturally over a period of time?

I have it. Forget fingerprints, let’s introduce biometric authentication by "arseprint".

I can already visualise a marketing campaign: “Biometric security? My arse!”

Over the years, my arse will get looser, flabbier and undeniably nearer to the ground. The chance of a scammer breaking into my bank account to steal my debts using a 20-year-old photocopy of my arse taken at an old Christmas party is slim indeed – unlike my arse.

We could call it an "arseword".

Of course, the difficulty is in finding a convenient way of presenting my arseword credentials at the appropriate moment without drawing the attention of the police.

Security experts tell me what’s really required is a mature approach to two-part authentication with long passphrases. But if security really mattered, a better solution would be three-part authentication. Or four-part with biometrics as a plus. And then apply it to everything, from bank account access to permission for entering workplace washrooms.

There you are, mincing up and down in front of the WC door like Max Wall as you try to extract your office ID from the depths of your back pocket. The thrill of locating it among the sweet wrappers and flimsy business cards left over from last week’s dreary network event has allowed a tiny trickle to escape but you hold back the flow in time. You wave the card frantically over the RF reader.

"Please type in your PIN," orders the toilet’s Automated Lock Unit (acronym "ALU" – heh heh).

Tippetty-tap-tap.

"Please type in your AD password. It should be at least 72 characters long, using upper and lower case letters, 19 numbers, six different kinds of punctuation (apart from backslash because we’re Microsoft), that nameless right-angle character on your keyboard that no-one uses and looks like an ‘L’ on its side, seven different currency symbols, eight emojis, five exponentials and three hiragana."

Tippety-tip-tip-tip... no that’s not right. Tippett-tap-tap-tippetty-tip-tip... bugger, let’s start again. Tippetty-tippety-etc...

A few minutes later, having clicked on "Forgot password", followed the link in the email they sent you, and painstakingly set up a new passparagraph – all the time hopping from foot to foot in rising panic – you eventually let out a restrained whimper of joy as you succeed in completing the next stage in the authentication process. In anticipation, you squeeze your thighs together more tightly.

"Please place your left thumb on the reader."

"And your forefinger."

"And your right ring-finger."

Ouch.

"And now your left little finger."

Argh.

"And now your elbow."

What?

"It’s a Twister! It’s a Twister!"

Let me in you stupid bloody shitehouse door.

"Please move closer for retina check."

(shuffle)

"Count down from 101 in prime numbers."

101, 97, 89, er… 83...

"Swing the hammer onto the block and test your strength."

(slam... ding!)

"Exhale into the tube until I tell you to stop."

Hhhhhhhhhhhhhhh...

"Legs slightly apart, please, aaaaand... cough!"

Aheh.

"Thank you, sir. Sorry for the cold fingers. You may enter. Thank you for using ALU. We hope you will use ALU in the future."

The door nudges ajar with a soft click. You are desperate to rush in but the pain of lower abdominal retention is such that you can only shuffle through with a grunt and shallow breaths. When the great moment arrives, you can’t even let go.

Just as well, because a hacker has already stolen the toilet and replaced it with gloating graffiti: "ha ha sucker sit on this we totally PWNED your arseword". ®

Alistair Dabbs is a freelance technology tart, juggling IT journalism, editorial training and digital publishing. He understands perfectly well that the slippiest banana skin for security is the desire for convenience, whether that be a short password or a fingerprint. So surely the answer is to build a system of authentication on encrypted banana skins.
