Problems with passwords

For decades passwords have been the main way to identify computer users. Passwords have several problems, however. Often it is enough for an attacker to guess, steal, or reset a single password to gain access to an entire network.

Someone who knows your password and can reach your computer account can read your e-mail, send e-mail in your name, and impersonate you in other ways on the Internet.

New kinds of "passwords" have been developed to deal with these problems. In one approach the user chooses a list of questions and answers that only he or she knows. To log in, the user must answer several of these questions chosen at random.

Another system is based on a physical device (a token) which generates a new password according to an algorithm and changes it frequently. To log in, the user types in the password the device currently displays; the server runs the same algorithm and accepts the login if the two agree.

However, all of these systems still rest on a secret: the answers to the questions, or the key inside the device from which its passwords are computed. Anyone who learns that secret (or copies the device) can impersonate the legitimate account user.

Biometrics

Unlike passwords, biometrics identify people by their unique physical characteristics. Some biometrics are already in use for this purpose; others are still being researched. Below we discuss the most well-studied biometrics:
  1. Fingerprints. This is one of the oldest known biometrics. Not only are fingerprints different for all people, they are also easy to classify and catalog. Fingerprint matching is about 99% accurate, so it is quite reliable.

    Recent applications include fingerprint readers built into cell telephones. The main challenge in such a system is to build a small and reliable fingerprint reader.

  2. Hand geometry is preferred to fingerprints in some cases because it is easier to scan and less intrusive. One proposed application is border control, as a preliminary identification. It is significantly less reliable than fingerprints, with an accuracy level of about 90%.

    Researchers at Michigan State University have proposed a peripheral computer device that measures hand geometry to control access to certain web pages.

  3. Face recognition is another widely researched biometric. It makes it possible to identify people not only in person but also from a photograph.
  4. Voice prints, or voice recognition, can be used to identify a person. They are especially useful over the telephone: a reliable identification system would let banks identify their customers on the phone and allow more transactions to be performed by phone.

    However, applied naively, voice-print identification is vulnerable to a replay attack: playing a recording of the person's voice during the identification process. To prevent this, the system can ask the user to read a specific, randomly chosen phrase that is not known in advance, so that a prerecorded sample does not match the challenge.

  5. Iris scan seems to have unique properties which make it nearly ideal as a biometric. Systems based on iris scans are already in use at major European airports to identify travelers.

    The web site of John Daugman, one of the leading researchers in iris recognition, has a lot of information on the subject and some really fascinating iris pictures. The main reason iris recognition is so promising is that the bits of the so-called "iris code" are uniformly distributed across the population: each bit is equally likely to be 0 or 1. A code has about 250 degrees of freedom, i.e. independent characteristics. Consequently codes from two different eyes disagree in about half of their bits, and a much smaller disagreement is very unlikely to arise by chance. It is also interesting that even identical twins do not have the same (or even similar) iris patterns.

    Iris recognition is extremely reliable: according to the statistics on John Daugman's web site, several million comparisons have not produced a single false match.

  6. Footprints and walking style (gait).
  7. Handwriting characteristics.
  8. Typing characteristics (keystroke rhythm).
  9. DNA sampling. This is a controversial proposal, because most people consider submitting DNA samples to be a violation of their privacy.

One typical problem with biometrics is setting the decision threshold: how many false rejections (the legitimate user is not recognized) are we willing to tolerate in order to keep false acceptances (an impostor is accepted as the user) down? Tightening the threshold lowers one rate and raises the other. This trade-off is especially important for inexact biometrics, such as hand geometry.
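To make the two preceding points concrete, the statistical argument for iris codes and the threshold trade-off, here is an added example in Go; it is not code from the page or from Daugman's system. It models an iris code as 250 independent bits, each equally likely to be 0 or 1: comparing codes from two different eyes then gives a fractional Hamming distance distributed as Binomial(250, 1/2)/250, and the false match rate at any threshold is the lower tail of that distribution. For the genuine-user side it assumes, as a constructed figure not taken from the page, that noise flips each enrolled bit with probability 0.10. The sample codes are constructed as well.

```go
package main

import (
	"fmt"
	"math"
)

// irisDOF is the number of independent bits in an iris code, the figure given above.
const irisDOF = 250

// hammingFraction returns the fraction of positions where two equal-length bit
// strings (written as '0'/'1' bytes) differ: 0 for identical codes, about 0.5 for
// codes from unrelated eyes.
func hammingFraction(a, b []byte) float64 {
	if len(a) != len(b) || len(a) == 0 {
		panic("codes must have the same non-zero length")
	}
	diff := 0
	for i := range a {
		if a[i] != b[i] {
			diff++
		}
	}
	return float64(diff) / float64(len(a))
}

// binomialCDF returns P(X <= k) for X ~ Binomial(n, p). Terms are built from
// log-gamma so that n = 250 neither overflows nor underflows prematurely.
func binomialCDF(k, n int, p float64) float64 {
	logN, _ := math.Lgamma(float64(n) + 1)
	sum := 0.0
	for i := 0; i <= k; i++ {
		logK, _ := math.Lgamma(float64(i) + 1)
		logNK, _ := math.Lgamma(float64(n-i) + 1)
		logTerm := logN - logK - logNK + float64(i)*math.Log(p) + float64(n-i)*math.Log(1-p)
		sum += math.Exp(logTerm)
	}
	return sum
}

// bitsAllowed converts a fractional threshold to the largest number of differing bits
// still accepted (the epsilon guards against 0.32*250 landing just below 80).
func bitsAllowed(threshold float64) int {
	return int(math.Floor(threshold*irisDOF + 1e-9))
}

// falseMatchRate is the probability that codes from two different eyes fall at or
// below the threshold. Uniform independent bits make the impostor distance
// Binomial(irisDOF, 1/2)/irisDOF, so no empirical data is needed for this side.
func falseMatchRate(threshold float64) float64 {
	return binomialCDF(bitsAllowed(threshold), irisDOF, 0.5)
}

// falseNonMatchRate is the probability that two codes from the same eye exceed the
// threshold, under the constructed assumption that each bit flips with probability flip.
func falseNonMatchRate(threshold, flip float64) float64 {
	return 1 - binomialCDF(bitsAllowed(threshold), irisDOF, flip)
}

func main() {
	// Constructed 10-bit codes; real codes are thousands of bits long.
	a := []byte("1011001110")
	b := []byte("1001001011")
	fmt.Printf("fractional Hamming distance: %.2f\n", hammingFraction(a, b))

	// Sweep the threshold: a looser threshold admits more impostors, a tighter one
	// rejects more legitimate users. Both rates cannot be driven to zero at once.
	fmt.Println("threshold   false match   false non-match (flip=0.10)")
	for _, th := range []float64{0.20, 0.26, 0.32, 0.38, 0.44} {
		fmt.Printf("  %.2f      %.2e      %.2e\n", th, falseMatchRate(th), falseNonMatchRate(th, 0.10))
	}
}
```

With 250 independent bits the impostor distribution is so narrow around 0.5 that a threshold near 0.32 leaves a false match rate in the region of one in tens of millions, which is why several million comparisons can plausibly produce none. For a biometric with far fewer independent features, the same sweep would show the two curves overlapping, and no threshold would be satisfactory.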

Another problem is the need for centralized databases of biometric data. Many people consider storing such data a violation of their privacy. Unlike a password, which can be changed if it leaks, a biometric identifies a person for life and cannot be revoked, and many people are not comfortable with such information being stored.

Storing biometrics in a database also raises the issue of protecting the database both from theft of the data and from alteration of it. Either kind of compromise would be disastrous if the biometric is widely used to identify people.

However, it may not be necessary to store this information in a central database. An alternative is to store the biometric template on a smart card and to sign it with the issuing authority's digital signature. A valid signature shows that the card was issued by the trusted authority, and any change to the biometric data on the card invalidates the signature, so tampering is detected. The person's live biometric is then compared with the template on the card locally, without a request to a centralized database, so the information is never exposed to an eavesdropper in transit.
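The card-based design above as an added example in Go, not code from the page: an issuing authority signs the holder's template with an Ed25519 key, and a reader that holds only the issuer's public key first checks the signature and then matches the live sample against the template on the card, entirely offline. The signature algorithm, the packed-bit template format, the 0.32 threshold, the holder identifier and the sample data are all assumptions made for the illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"math/bits"
)

// cardRecord is what the issuer writes to the smart card: who the holder is, the
// enrolled template, and the issuer's signature over both.
type cardRecord struct {
	HolderID  string
	Template  []byte // packed iris-code bits (constructed sample data in main)
	Signature []byte
}

// signedPayload binds the holder ID and template together with a length prefix, so
// that shifting bytes between the two fields cannot yield the same signed message.
func signedPayload(holderID string, template []byte) []byte {
	var buf bytes.Buffer
	_ = binary.Write(&buf, binary.BigEndian, uint16(len(holderID)))
	buf.WriteString(holderID)
	buf.Write(template)
	return buf.Bytes()
}

// issueCard runs at the enrollment authority, the only party holding the private key.
func issueCard(issuerKey ed25519.PrivateKey, holderID string, template []byte) cardRecord {
	return cardRecord{
		HolderID:  holderID,
		Template:  template,
		Signature: ed25519.Sign(issuerKey, signedPayload(holderID, template)),
	}
}

// fractionalHD is the fraction of differing bits between two packed bit strings.
func fractionalHD(a, b []byte) float64 {
	diff := 0
	for i := range a {
		diff += bits.OnesCount8(a[i] ^ b[i])
	}
	return float64(diff) / float64(8*len(a))
}

// verifyLocally is the reader's check. It trusts only the issuer's public key: an
// altered template or a card signed by anyone else fails before any matching is
// done, and the live sample never leaves the reader.
func verifyLocally(issuerPub ed25519.PublicKey, card cardRecord, live []byte, threshold float64) error {
	if !ed25519.Verify(issuerPub, signedPayload(card.HolderID, card.Template), card.Signature) {
		return errors.New("card signature invalid: not issued by the authority, or altered")
	}
	if len(live) != len(card.Template) {
		return errors.New("live sample and template differ in length")
	}
	if hd := fractionalHD(card.Template, live); hd > threshold {
		return fmt.Errorf("biometric mismatch: fractional Hamming distance %.3f > %.3f", hd, threshold)
	}
	return nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed 32-byte "iris code" standing in for a real enrolled template.
	template := bytes.Repeat([]byte{0xA5, 0x3C}, 16)
	card := issueCard(priv, "holder-0042", template)

	// Live sample from the same eye: a couple of bits differ from the template.
	live := append([]byte(nil), template...)
	live[0] ^= 0x01
	live[7] ^= 0x80
	fmt.Println("genuine holder:", verifyLocally(pub, card, live, 0.32))

	// An attacker rewrites the template on a stolen card to match their own eye.
	forged := card
	forged.Template = append([]byte(nil), card.Template...)
	forged.Template[3] ^= 0xFF
	fmt.Println("altered card  :", verifyLocally(pub, forged, forged.Template, 0.32))

	// A card signed with someone else's key is rejected even with a perfect match.
	_, otherKey, _ := ed25519.GenerateKey(rand.Reader)
	fmt.Println("wrong issuer  :", verifyLocally(pub, issueCard(otherKey, "holder-0042", template), template, 0.32))
}
```

The reader needs the issuer's public key and nothing else; the private key stays with the enrollment authority. What the signature does not prevent is copying a card wholesale, so the card must still be paired with the live measurement, which is exactly the local comparison the last step performs.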

Using biometrics together with smart cards for identification seems to be a very promising direction for future research.

This page has been created and is maintained by Elena Machkasova
Some of material on this page is based on Chapter 6 of "Web Security, Privacy, and Commerce" by Simson Garfinkel with Gene Spafford.
Comments and suggestions are welcome at

Spring Semester 2002