
@m8urnett
Last active April 26, 2016 02:59
| Passwords | Biometrics |
| --- | --- |
| Difficult to remember | Don’t have to remember ✓ |
| Requires unique passwords for each system | Can be used on every system ✓ |
| Nothing else to carry around | Nothing else to carry around |
| Take time to type | Easy to swipe/sense ✓ |
| Prone to typing errors | Prone to sensor or algorithm errors |
| Immune to false positives ✓ | Susceptible to false positives |
| Easy to enroll ✓ | Some effort to enroll |
| Easy to change ✓ | Impossible to change |
| Can be shared among users [1] ✓ | Cannot be shared ✓ |
| Can be used without your knowledge | Less likely to be used without your knowledge ✓ |
| Cheap to implement ✓ | Requires hardware sensors |
| Work anywhere including browsers & mobile ✓ | Require separate implementation |
| Mature security practice ✓ | Still evolving |
| Non-proprietary ✓ | Proprietary |
| Susceptible to physical observation | Susceptible to public observation |
| Susceptible to brute force attacks | Resistant to brute force attacks ✓ |
| Can be stored as hashes by untrusted third party ✓ | Third party must have access to raw data |
| Cannot personally identify you ✓ | Could identify you in the real world |
| Allow for multiple accounts ✓ | Cannot use to create multiple accounts |
| Can be forgotten; password dies with a person | Susceptible to injuries, aging, and death |
| Susceptible to replay attacks | Susceptible to replay attacks |
| Susceptible to weak implementations | Susceptible to weak implementations |
| Not universally accessible to everyone | Not universally accessible to everyone |
| Susceptible to poor user security practices | Not susceptible to poor practices ✓ |
| Lacks non-repudiation | Moderate non-repudiation ✓ |

[1] Can be both a strength and a weakness
