@gogonow: The raw data would easily be available through the kinect hardware (it has IR scanning for 3D and webcam for 2D), what would be needed was an algorithm that identifies individuals from the raw data -- I suspect there are algorithms out there already for this.
I guess the title should have been qualified with "Relatively" - as nothing is of course absolutely secure. That a "physical attack" can always bypass such measures (should) go without saying.
The idea is thought to be better than just writing down passwords directly on paper - preventing easy access to passwords if the card was to be stolen.
The precise biometric used need not be perfect, it just needs to be hard to mimic on the given card, for any suitable definition of hard - your mileage may vary.
As always, the trust placed into a system should be weighed against the risks. Since critical services like banking are often secured by two-factor authentication those services aren't of interest here.
The idea is really more about having slightly better security for day-to-day services like e-mail accounts, social networking sites, etc. You could say the proposal is too complex to merrit its existence and that may be true. I prefer low-tech whenever possible but would use such a gadget if it existed and had a reasonable price tag.
difficulty of replication is not that important. Basic security requirement is, you have to assume your security is compromised, and what is the next step. For example, early detection, quick notification, quick recovery, quick fix to block attacks.
If someone managed to copy your key and you have no way to construct another unique key, your security becomes useless and stay useless.
Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.