Slashdot: ASUS facial recognition "security" broken

I know I said it many times, and that everyone who thinks a little bit about it finds it obvious. But now it's on slashdot!

http://it.slashdot.org/it/09/02/17/216216.shtml
TFA: http://www.darkreading.com/security...IHD2DCQSNDLRSKHSCJUNN2JVN?articleID=213901113

Summary:

 

"...by using photos of an authorized user..."

haha...

There is nothing you can do for that AFAIK. Fingerprint works because you cannot have a copy of someone else's fingerprints but for facial recognition you may find the remedy on facebook.


--

 

lol. turned it off a few days back wen someone else logged in to my account wen i wasnt there.. Checked face recognition photo log and there it was the photo of someone else who was recognized as being me.. that too in the first attempt

 

Even fingerprints can be spoofed (it's a bit more difficult yes but it can be done).

Bottom line is: use a strong password. Forget about fancy, but useless biometric techniques. Reliance on bad security is worse than not having security at all.

Also, if anyone gains physical access to your computer (think opportunist thief), then two reliable ways to protect your data are:

a) ATA password for the HDD (set both the user and master password). Unfortunately ASUS BIOSes are rather lacking in this respect, and many don't support these features. With ATA user and master password set, the only way to recover data is in a cleanroom by removing the platters of the HDD.
b) Use encryption (TrueCrypt is best). The only way to recover the data is using the password that generates the encryption key.

Do NOT EVER forget your passwords if you use these features! Your data will be gone along with the password.

An administrator password (together with all the biometric auth) is useless if a thief has your HDD. The thief simply has to plug the HDD into another computer, or run a live CD on the same computer, to get to your data.

 

There was a user on this forum about 1 year back who did the same.