the-laughing-monkey / cicada-platform

Home of the Cicada Direct Democracy and Dapp Platform

Deceased users #8

Open DarthChowder opened 7 years ago

DarthChowder commented 7 years ago

Sorry to have to ask this, but we need to consider all scenarios.

Let's say a user becomes deceased, and their will is to grant their account balance to their spouse, children, etc. How is that transaction requested and validated?

As a secondary question, if a user is murdered and the offender somehow has access to their password (many people keep a physical or digital list of their passwords), how do we prevent the offender from gaining access to their account?

DarthChowder commented 7 years ago

Also, how do we prevent spoofing of biocryptics?

Could someone create a mold of a finger, or a high-resolution image of an iris, to fool the system? In a scenario where a family member passes, the user could keep the device active and potentially fool the biocryptics, allowing them to unfairly gain coins for two accounts.

Might be far-fetched, just trying to think of what could be possible.

ebounds commented 7 years ago

Interested to read what everybody has to say for legacy of deceased users, but I share the concern about the safety of biometrics. I don't yet understand much of the distinguishing verification layer of "biocryptics" over regular old biometrics, but increasingly I read security professionals who are disillusioned with biometrics over forms of security like passwords. The major argument in that direction is that once an attacker has the pattern of someone's fingerprint or iris, there is little recourse. It can't be changed like a stolen password. And this is an increasingly serious danger as technology like photography and 3D printing improves and gets cheaper.

On Fri, Aug 4, 2017 at 1:30 PM, Adam Rolfson notifications@github.com wrote:

> Also, how do we prevent spoofing of biocryptics?
>
> Could someone create a mold of a finger, or a high-resolution image of an iris, to fool the system? In a scenario where a family member passes, the user could keep the device active and potentially fool the biocryptics, allowing them to unfairly gain coins for two accounts.
>
> Might be far-fetched, just trying to think of what could be possible.


-- Edgar Bounds | 662.292.0114

yeti-detective commented 7 years ago

You know what uses biometric authentication but you can also change it if it's stolen? Your sassy little password dance: https://stackoverflow.blog/2017/03/30/stack-overflow-unveils-next-steps-computer-security/

ebounds commented 7 years ago

Something like this could be a good idea. It's implausible to me that anyone could engineer dancing as bad as mine.

On Fri, Aug 4, 2017 at 5:40 PM, Chris B notifications@github.com wrote:

> You know what uses biometric authentication but you can also change it if it's stolen? Your sassy little password dance: https://stackoverflow.blog/2017/03/30/stack-overflow-unveils-next-steps-computer-security/


BrnLng commented 7 years ago

Maybe using biocryptics as the default gatekeeping and enabling change to simpler passphrase (e.g. left at will) use after group vote approval... Other problems would start, but it would make most problems solvable and could be used to ensure a 'new biocryptic hash' is available after surgery or any stuff.

The group to vote would have to be:

Some minimum number to ensure difficulty to pass attacks or large-group corruption to e.g. seize property should be computed per group size and functionality.

This kind of abnormal use of gatekeeping could trigger some auto broadcast warning for each interested user of the group.

stuk88 commented 6 years ago

For basic income, unused coins should disappear after some time of not being used.