Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

That's why we need biometric hardware everywhere and use its data as a login, not as a password. Bio data is mapped onto a long UUID and user just sets whatever username he wants to be displayed. We even have means to smoothly transition from no hardware to 100% coverage - just allow manual UUID input for systems where biometric is unavailable - e.g. you have a pair of face/ID on the phone, fingerprint/ID on laptop and just ID on PC.


Serious question: what happens when you lose your finger? Or you have an accident and your face gets mangled? Or a ball hit your eye and you lose it?

You have to remember your UUID? Probably it would be more like a file than a string.


You keep your UUID as a backup. The fingerprint system on my phone still has an option to log in with password, the fingerprint is just a convenient, faster alternative. It's the same here, you keep the UUID in a folder with other sensitive documents and when you lose your finger, you fish it out, log in with it, and register another finger.


You'll have to remember multiple UUIDs, one per service. Now that I think of it will be rather cumbersome. And bio data has to be editable if it will be usable at all i.e. add/delete new entries - fingers, eyes etc. Damn, it is harder than it seems. Anyway, bio data as a login should be implemented, we only need to think exactly how.


And gain the ability for anyone to link and track your identity across all services you use. The NSA will be pleased :)


How? UUID will be different per service. Anyway - it won't be worse than current single (2-3) email as a login to everywhere, of facebookID as login to everywhere.


Sure, I can see this working in principle in a distant future. Not in the current world or the foreseeable future though.


No. Just a token like a yubikey. Biometrics doesn't help.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: