Comment on Microsoft’s Windows Hello fingerprint authentication has been bypassed
0xD@infosec.pub 10 months agoA username is not something “you are”, it’s something “you know”. Biometrics not nearly the same as usernames.
Comment on Microsoft’s Windows Hello fingerprint authentication has been bypassed
0xD@infosec.pub 10 months agoA username is not something “you are”, it’s something “you know”. Biometrics not nearly the same as usernames.
Luci@lemmy.ca 10 months ago
A username is something you are. It’s you! You are 0xD.
A password is something you know. A security key is something you have.
When we interview security analysts you don’t get past the first round if you disagree.
feddylemmy@lemmy.world 10 months ago
If your interview involves telling me a username is “something you are” rather than “something you know”, I’m running away from that job as fast as I can.
Luci@lemmy.ca 10 months ago
Other people know your username.
How hard is this?
sirfancy@lemmy.world 10 months ago
By this same logic, other people could know your fingerprint since it’s “something you are”. No, other people cannot know your fingerprint. It’s a complex mathematical equation to a computer. This is such a terrible take.
Source: CASP+ certified.
Blueteamsecguy@infosec.pub 10 months ago
I guarantee you I know thousands of people’s passwords as well, I just don’t know the username associated.
0xD@infosec.pub 10 months ago
No, this username is one of the names I’ve chosen for the accounts I use on lemmy. It does not identify me, it identifies the lemmy accounts that I just so happen to know the password for. I was just about to create an account with your username on another instance but meh, that’s too much work. Just imagine me having done that and think about what you just wrote.
I would be vary of the people agreeing with you on something so basic yet so wrong.
An authentication factor is a unique identifier that shows that you possess something that others don’t. Biometrics are something you are because your fingerprints, your retinas, or your DNA are (mostly) unique to you. A security key is something you have because unique cryptographic material is saved on the hardware device that cannot be replicated somewhere else (which is why many mobile authenticators really aren’t). And a password is something you know because… Bla bla bla.
To be pedantic, a username is not a factor in this sense at all; It is an identifier for an account that you have to prove authorization for by presenting some kind of factor, sometimes multiple.