replacing compromised biometric authenticators

Alain Hebert ahebert at
Fri Oct 13 11:03:30 CST 2017


     1. captcha(?)

     In my millennia of experience I never saw a captcha used as a mean 
for DC access control.  Just as a programmatic way to reduce brute force 
for some website functions.

     On my network janitor keychain I have (in order of hackability from 
easiest to hardest)

         1. keycard only

         2. keycard + fingerprints

         3. keycard + face (2d)

         4a. keycard + eye

         4b. keycard + top of hand mapping

     But all the DCs, I deal with, have highrez cameras and tailgating 
controls...  Biometrics are just a part of a wider system.

Alain Hebert                                ahebert at
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770     Beaconsfield, Quebec     H9W 6G7
Tel: 514-990-5911    Fax: 514-990-9443

On 10/12/17 16:58, Rich Kulawiec wrote:
> On Wed, Oct 11, 2017 at 05:04:08PM -0400, Ken Chase wrote:
>> If the current best operating practice is to avoid biometrics, why are they
>> still in use out here?
> (1) for the same reason some idiots still use captchas
> (2) new hotness > old and busted, regardless of merits
> (3) because they facilitate coerced risk transference away from the
> people who are actually responsible (and are paid to be so) to the
> people who shouldn't be responsible (and aren't paid to be)
> ---rsk

More information about the NANOG mailing list