Tokenize - Biometrics combined with proxy / NFC technology for logging in, physical access and consumer purchases

in #security7 years ago (edited)

Check out this new product. It's a ring that allows you to login to websites/web services, open locked doors or make consumer purchases in a more secure way than a password, key, or proxy card.

https://tokenize.com/?gclid=CPKE9JrW49QCFdS3wAoduLUO2g


https://tokenize.com

My humble opinion, much more secure than any of the above.

Passwords - Password cracking is difficult, but far from impossible. Many apps are available to make this easy enough for the neighbor kid to break into your wifi and email...
-Password cracking tools - https://www.concise-courses.com/hacking-tools/password-crackers/

Key Locks - the art of picking locks goes way back. It's not that difficult to rock a lock open (kind of fun, like playing with a rubrics cube...). Also, ever seen a bump key?
-Lock pick training sets - https://www.amazon.com/slp/lock-pick-kit/m9tq5vyp5w2g574
-Bump key -

Biometrics - Biometrics have always been suspect to me. Within months, people were hacking fingerrpints when biometrics first came out. If a secret / item is important enough, biometrics will simply lead to severed fingers and gouged out eyeballs. (gross I know, but you get my point)
-Fake fingerprint - http://www.instructables.com/id/How-To-Fool-a-Fingerprint-Security-System-As-Easy-/

Proxy / NFC - Vulnerable to card reproduction or NFC MitM attacks.
-Proxy Card Cloning - https://blog.getkisi.com/copy-clone-prox-hid-id-card/

Final Thoughts - All that being said about it being much better, it's still not a viable solution for significant secrets OR high value items...

Sort:  

I was just thinking about this on the way home. In the last couple of weeks I've been saving passwords and keys left, right and center. It started me thinking about biometrics. The first thought after that was about severed bodyparts ...

It's a scary thought. We simply can't grow back our body parts...yet...

LOL

Unfortunately not no. I guess the only solution to that would be some sort of 'isAttachedToBody' check when scanning fingerprints or iris or anything. Maybe pulse could be used (though that's probably impossible to make unique for any single person)