I think it’s safe to assume my fingerprint biometric data has been stolen.

Over the years, I’ve submitted fingerprints for a surprisingly wide variety of things:

• Various government permits and licenses
• Background checks
• Apple TouchID
• Various datacenter and other access points

By now, at least one of those databases has to have been hacked.

I don’t think I’ve ever scanned my eyes, but these access points are increasingly common, at everything from datacenters to building access points.  Eventually, I’m sure a scan of my eyes will be on someone’s file server.

So what if someone steals your biometric data?

“I Can Change My Password, But I Can’t Change My Eyes!”

I think that sentence has become something of a catch-phrase and the first thing that’s said the moment biometrics are brought up.  People don’t resist creating passwords or jumping through endless personal questions (“At which of these four addresses did you once live…”) but balk at biometrics.

I suspect this is ill-informed.  Think it through.

Imagine someone stole biometric data of your right eye.  First, you might ask, is this info actually “stolen”?  The odds are that there’s a picture of your eye somewhere online already.  But while there probably is a photo of you online somewhere, maybe even a closeup of yoru face, it wouldn’t include all the detailed retina pattern info.

And that’s what an eye reader looks at.  You look into a scanner and a ton of info is mapped.  There are also a host of protections built into these devices.  Body heat, the pulsing of the blood, the composition of your eye as a fluid-carrying vessel, your eye’s pressure, etc.  So the process of matching is both “is this Bob’s eye” but also “is this a real human”.  And of course, that’s just the scanner.  Some solutions factor in other things – from mechanical factors like “is there a human standing on the scale in front of the reader” to the simple expedient of a human guard supervising.

So the real question perhaps is not  “can you change your eyes” but rather “how easy is it to copy your eyes”?

I mean, yes, SPECTRE did it in Never Say Never Again but how realistic is that now…or at any time in the foreseeable future?  I think we’re a long ways away from technology that would allow a criminal to walk up to an eye reader and flash something that fools the machine.  Perhaps as far away as we are today from back when passwords were first properly introduced?

raindog308

Raindog308 is a longtime LowEndTalk community administrator, technical writer, and self-described techno polymath. With deep roots in the *nix world, he has a passion for systems both modern and vintage, ranging from Unix, Perl, Python, and Golang to shell scripting and mainframe-era operating systems like MVS. He’s equally comfortable with relational database systems, having spent years working with Oracle, PostgreSQL, and MySQL.

As an avid user of LowEndBox providers, Raindog runs an empire of LEBs, from tiny boxes for VPNs, to mid-sized instances for application hosting, and heavyweight servers for data storage and complex databases. He brings both technical rigor and real-world experience to every piece he writes.

Beyond the command line, Raindog is a lover of German Shepherds, high-quality knives, target shooting, theology, tabletop RPGs, and hiking in deep, quiet forests.

His goal with every article is to help users, from beginners to seasoned sysadmins, get more value, performance, and enjoyment out of their infrastructure.

You can find him daily in the forums at LowEndTalk under the handle @raindog308.