Disclaimer: Privileged & confidential information is contained in this message (including all attachments). If you are not an intended recipient of this message, please destroy this message immediately and kindly notify the sender by reply e-mail. Any unauthorized use or dissemination of this message in any manner whatsoever, in whole or in part, is strictly prohibited. This e-mail, including all attachments hereto, is for discussion purposes only and shall not be deemed or construed otherwise unless expressly stated. Any views or opinions presented in this email are solely those of the author and do not necessarily represent that of NJ Group of Companies. This communication, including any attachments may not be free of viruses, interceptions or interference, and may not be compatible with your systems. You should carry out your own virus checks before opening any attachment to this e-mail. The sender of this e-mail and NJ Group of Companies shall not be liable for any damage that you may sustain as a result of viruses, incompleteness of this message, a delay in receipt of this message or computer problems experienced. This message has been scanned for viruses and dangerous content by NJGroup Email Server, and is believed to be clean.
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/2b026406-afbc-4b26-b034-e4ef93d2b5c1n%40fidoalliance.org.
The point is well taken. A problem exists however in that a FIDO authenticator in the wrong hands is but a gesture away from compromised account. So then there seems to be some merit to combining bio auth with FIDO auth and indeed others are advocating this approach. However, as you might point out, bio such as fingerprint or face scans have their own pitfalls. Of course bio use in conjunction with FIDO will vastly improve things, but the committed attacker can still prevail. Additionally, it is an understood fact that once a biometric is compromised it is forever lost. An alternative might be combining a variant of bio such as behavioral human traits identity recognition with FIDO? Would this not achieve the objectives of singularity of use with FIDO auth assurances and do so without risk of compromised bio?
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/CACHSkNr940A0a%3D276grfJJ8brjXFCOtJ28FR4FdG7Pmq-bSgXw%40mail.gmail.com.