Comments Locked

22 Comments

Back to Article

  • blakflag - Thursday, March 10, 2016 - link

    This is simplified? Like all automagical schemes it will work great until for some reason it doesn't recognize your biometrics, at which point you'll be SOL.
  • ddriver - Friday, March 11, 2016 - link

    Also, despite the hype, biometrics are wildly insecure and easy to fake. You can pull off a voice, finger or retina print from someone unsuspecting, not so easy with a password. I hate to say it, but this whole biometrics fad as nothing to do with improving security, it has to do with mining and stockpiling biometrics data, and from the false pretext one can easily assume to no good purpose.
  • jameskatt - Friday, March 11, 2016 - link

    If you use a hash rather than directly use biometric data - like Apple does with TouchID, then it would be harder to mine and stockpile biometric data.
  • ddriver - Friday, March 11, 2016 - link

    So what do you imply? That the hashing happens on the user device and apple never get a hold of the actual biometric data? I highly doubt that, or any claims about it. There is only one way to convince me - if apple opensource their software and I see that this is what happens with my own eyes. But that will never happen... wonder why...

    But hey, who knows, after all, apple do seem to be overly concerned with the privacy of known terrorists, that means regular people are "even safer" right ;)
  • ddriver - Friday, March 11, 2016 - link

    Also, I am extremely skeptical that apple use a hash - see that's the thing about hashing - it works very well for digital data that is bit for bit accurate, but a fingerprint is an analogue source, and that will not produce the same binary result across different scans, and even if the difference is minuscule, the hash will be wildly different. So... no way Jose...
  • name99 - Friday, March 11, 2016 - link

    Are you saying this based on real evidence, or based on watching lots of movies?
    Because I am unaware of ANY actual device or installation that has ever been compromised in the way you suggest. There have been some notorious attempts, eg
    http://news.bbc.co.uk/2/hi/asia-pacific/4396831.st...
    but as far as I know, these attempts have likewise been motivated primarily by watching too many movies, and have not been successful.
  • ddriver - Friday, March 11, 2016 - link

    Just last week it was reported that top tier phone makers' fingerprint readers can be fooled by fingerprint images, printed with regular inkjet with custom conductive ink. That real enough for you, or did you buy too much of the unsubstantiated hype about biometrics security?
  • name99 - Friday, March 11, 2016 - link

    Yeah, we saw the same claims about latex fingerprint lifts when the iPhone 5S came out. And yet, three years later, I'm unaware of a single real-world exploitation of this fact.
    Like I said, I'm interested in ACTUAL exploits, not theoretical supposed exploits.
  • ddriver - Friday, March 11, 2016 - link

    The inkjet printed fingerprint has already been proven to work in practice, on Samsung and Huawei devices. That is an actual, factual, practical exploit.

    In a world where the industry wants to convince of the preposterous, and the media is paid to repeat like parrot, do you really expect the media to inform you of anything that would be imperative to their interests?

    It is hilarious that you imply others' opinions are based on watching too many movies when your own opinion is based on watching too much ads and buying too much hype.
  • ddriver - Friday, March 11, 2016 - link

    Also, stacking further evidence to your lack of competence, that link you submitted about "notorious attempts" to fake biometrics actually contains nothing about any attempts to do that. Next time when you post a link you substantiate your claim, you might want it to be a link that actually substantiates your claim.
  • Jalek - Saturday, March 12, 2016 - link

    You could probably visit a federal office and have an agent unlock it for you with his biometrics.
    Don't they expect a master key for everything?
  • asmian - Thursday, March 10, 2016 - link

    There's lots of talk of "servers" here. So are the authentication details being stored in Intel's "cloud"? From where they can handily leak them to the NSA any time they are asked... however secure the system may be against non-governmental hackers.

    Having such secure encryption access for Windows is farcical in any case when 10 is designed by default to mine personal info back to MS and any third parties they choose, never mind what other back doors they've built into it. There's no point putting Fort Knox's front door on a house with wide open windows (no pun intended, but... the name is rather apt now). Or Google Android, I'd imagine. Where's the Linux version for those that value a more secure operating system to partner this with?
  • Communism - Thursday, March 10, 2016 - link

    It is illegal to bypass the NSA.

    That's why foreign governments have to build their own OS's (and hardware) from scratch.

    If you don't have the resources of a state however, you are fucked.
  • Sttm - Thursday, March 10, 2016 - link

    Well clearly Intel is targeting this product at the people who do not live in fear of Government surveillance, have mad conspiracy theories of Windows 10 spying on them, or illogical ideas like the OS with its entire code base open sourced being able to stand up to the NSA.

    That 99% of people who only need security to keep out the people they know and low level criminals targeting them with phishing schemes.
  • ddriver - Thursday, March 10, 2016 - link

    You don't have to be a criminal to suffer from government espionage. It is applied en masse today, analyzing the general population to come up with better ways to turn people into subservient dummies ;)
  • BrokenCrayons - Thursday, March 10, 2016 - link

    People already are subservient dummies and they turn themselves into such creatures willingly without any government intervention.
  • ddriver - Thursday, March 10, 2016 - link

    No, this is not the default human state. This has been inflicted over the course of centuries, for a long time it was theism (religion), but that has been replaced by atheism/scientism which employs technology to bring things to the next level.

    As bad as the general population is today, it can get a whole lot worse, there is plenty of headroom and unharnessed potential for degradation.
  • ddriver - Thursday, March 10, 2016 - link

    And actually it is not strictly only the government, most of the work is actually done by the big corporations, especially those with large user base stockpiling personal information - google, facebook, ms.

    Government as usual is struggling to catch up and the logical move is to request a tap into what the industry has mined so far. But whoever does it, it serves their common interests, the government is just as happy to milk silly chumps as the industry.
  • BrokenCrayons - Thursday, March 10, 2016 - link

    This system is far too complicated due to the burden of trusted device management atop invasive biometrics. It doesn't address the underlying problem of each service provider continuing to rely on a UID and password combination or failing to secure passwords in things other than plaintext files that get stolen and leaked to the internet. So instead of making service access more secure it merely adds another layer of unnecessary pain. Thanks, but I'll pass.
  • djc208 - Friday, March 11, 2016 - link

    This is similar to Lastpass and OnePassword (though their prices are worse), except with this additional "recovery" capability which is available if you choose to set up the ability, which is not as complicated as it sounds.
    It does however address the issue you mentioned because the whole point of a password manager is that while you may have multiple accounts, using this service each one of those accounts can have a unique and very random password (and if you want user ID) generated by the program. You then only have to remember one password for your password account and the account software handles the rest. Should one of those plain text files get leaked only that service is compromised and you can easily just have another random password generated.
    You can't control what the vendor at the other end of the service does with your passwords but you can control your passwords, these services just make it easier.
  • Meteor2 - Monday, March 14, 2016 - link

    LastPass is alot cheaper than True Key. More importantly, it just works, while TK was very buggy when I tried it a few months ago.
  • Murloc - Saturday, March 12, 2016 - link

    for most people, what they want is to prevent thieves, people they know, journalists and credit card thieves from accessing their devices and money.

    Biometrics make that very difficult.

    The government can access your data regardless e.g. if you have a biometric passport they most definitely have a recent picture of you and probably your fingerprints as well.
    If some supersecret anti-terrorism agency needs acccess, they can have it.

Log in

Don't have an account? Sign up now