Many citizens are being collectively misguided by a number of media outlets and are trapped in a false sense of improved security generated by the addition of biometric functions to smartphones, tablets and PCs, while many criminals presumably understand what this situation means. That is, predators who do not turn on biometric functions can easily attack the prey who have opened a backdoor by turning on the biometric functions.
iPhone Encryption – Published on Mar 11, 2016
Charlie Munger: Invert And Use “Disconfirming Evidence”
It appears that something crucial is overlooked in the heated debates about the backdoor.
Recent models of the iPhone and many other smart devices already have an effective backdoor, namely, a fingerprint scanner or a camera with software for capturing faces, irises and other body features, which are easily collected from unyielding, sleeping, unconscious and dead people.
Additional Observation on the Power of Biometrics with Fallback Password to Bring Down Security
The overall vulnerability of a biometric product operated with a fallback password is the sum of the vulnerability of biometrics (x) and that of a password (y). With (x) and (y) being between 0 and 1, the sum (x + y – xy) is necessarily larger than the vulnerability of a password (y). This math is as solid as the law of gravity. Let us think of a very weak password (Y1) and a very strong password (Y2), with vulnerabilities (y1) and (y2) respectively.
We then get (x + y1 – xy1) > (y1) and (x + y2 – xy2) > (y2), which means that we are safer when we use only the weak password than when we use the biometrics with the weak fallback password, and that we are also safer when we use only the strong password than when we use the biometrics with the strong fallback password. We could consider the comparison between (x + y2 – xy2) and (y1) but it could lead us nowhere.
Whoever can manage a strong password Y2 together with biometrics must be able to manage Y2 on its own. Then, again, we are safer when we use only the strong password Y2. Moreover, rarely used/recalled passwords tend to be very weak; that is, what we get is (x + y1 – xy1) >>> (y2). As such, it is not possible to find a case in which biometrics used together with a fallback password are stronger than a password used on its own.
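The inequality used above, carried through step by step as an added derivation that is not part of the original text. It assumes that the biometric entrance and the password entrance are broken independently of each other, and that an attacker needs to break only one of them:

(chance that neither entrance is broken) = (1 – x)(1 – y)
(chance that at least one entrance is broken) = 1 – (1 – x)(1 – y) = (x + y – xy)
(x + y – xy) – (y) = x(1 – y)
x(1 – y) > 0 whenever (x) > 0 and (y) < 1

The added exposure x(1 – y) grows as (y) gets smaller, so in absolute terms the fallback arrangement costs the most when the password is strong: for (y2) close to 0 the added exposure is close to the full biometric vulnerability (x).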
Incidentally, it would be fruitless to spend time comparing the strength of biometrics used on its own with that of passwords used on their own. There are no objective data on the vulnerability of biometric products (not just the false acceptance rate when false rejection is sufficiently low but also the risk of forgery of body features and the risk of use when the user is unconscious) and that of passwords (not only that the entropy may be as low as 10 bits or as high as 100 bits but also that they can be stolen and leaked).