
Well, in most cases there are nine other digits you can use. That's probably a reasonable amount of redundancy.



I change my password more than 9 times a year, and I plan to live for more than one year.


That's not IT issuing you a new password, that's you changing it. The point is that biometrics are perfectly feasible as one of the two factors (instead of something you know) and can still be revoked.


I also don't leave my password on everything I touch.

Biometrics are a terrible idea. Password + token is much safer and infinitely revocable. And the server can even tell when an HOTP device has been cloned.
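The clone-detection point above rests on how HOTP (RFC 4226) works: each token is derived from a shared secret and a monotonically increasing counter, and the server remembers the highest counter it has accepted. Two devices generating from the same secret and counter state will eventually present a code for a counter the server has already consumed. The following is an added illustration, not code from the commenter or from any particular authenticator product: a minimal HOTP generator plus a verifier that accepts codes in a look-ahead window and flags codes that match an already-consumed counter. The class and method names, the window size, and the `suspicious` counter are my own choices; the secret below is the RFC 4226 test key, used here only so the outputs can be checked against the published vectors.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA-1 over the 8-byte big-endian counter,
    dynamically truncated to a zero-padded decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


class HotpVerifier:
    """Server-side state for one enrolled token (hypothetical helper).

    Accepts a code only for a counter strictly above the highest one
    already used; a code that matches a consumed counter is reported as
    a replay, which is the observable symptom of a cloned token (or of a
    user re-entering an old code, so the count, not a single hit, is the
    signal worth alerting on)."""

    def __init__(self, secret: bytes, look_ahead: int = 10):
        self.secret = secret
        self.look_ahead = look_ahead   # how far ahead of the last counter we will search
        self.last_counter = -1         # highest counter accepted so far
        self.suspicious = 0            # number of replayed/regressed codes seen

    def verify(self, code: str) -> str:
        # 1. Normal path: the token may have advanced a few steps without
        #    contacting the server, so search a bounded window ahead.
        for c in range(self.last_counter + 1, self.last_counter + 1 + self.look_ahead):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.last_counter = c
                return "ok"
        # 2. Counter regression: the code is valid for a counter we have
        #    already consumed. Never accept it, but record it.
        low = max(0, self.last_counter - self.look_ahead)
        for c in range(low, self.last_counter + 1):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.suspicious += 1
                return "replay"
        return "bad"


def clone_scenario(secret: bytes) -> list:
    """Constructed walkthrough: the token is cloned at counter 0, the
    legitimate user logs in twice, then the clone tries its own counter 0
    and 1 codes. Returns the server's verdict for each attempt."""
    server = HotpVerifier(secret, look_ahead=3)
    legit = [hotp(secret, 0), hotp(secret, 1)]   # user's device, counters 0 and 1
    clone = [hotp(secret, 0), hotp(secret, 1)]   # clone started from the same state
    return [server.verify(c) for c in legit + clone]


if __name__ == "__main__":
    key = b"12345678901234567890"   # RFC 4226 test secret, not a real credential
    print(clone_scenario(key))      # expected: ['ok', 'ok', 'replay', 'replay']
```

The look-ahead window is the usual trade-off: large enough that a token pressed a few times offline still validates, small enough that an attacker cannot guess codes across a wide range of counters. Alerting on repeated `replay` verdicts for one token, rather than on any single one, distinguishes a cloned device from a user who re-entered a stale code.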


That, and not the revocability, is the core of the problem. It also comes back to a foundation of security: something you have and something you know.

Personally, I think most biometrics are bunk, unless you use multiple (fingerprint, iris, etc) along with some kind of password.




