Menu
I'm making a web application and would like to have a secure area where you can only sign in with your finger print. My original idea was to just use a usb barcode reader and you scan that, and it outputs the ID into a text box, but that's not very secure. So I want to use a USB fingerprint reader to maybe generate a hash for each person and store that in a text box instead. Which then will check that against a database with everyone's hash value. Does anyone know if there is a fingerprint reader out there that can do this, or of a way I can easily integrate a reader into a website?
EDIT: The Idea for this website is that it's like a login system (Sort of like how you can clock in and out if you get paid hourly) The idea is that no one can sign someone else in and out. IF you just use a password, than someone can just tell their friend the password who can type it in. That's why I thought of a fingerprint, or something similar... I'm open to other suggestions
Also, I'm using PHP
EDIT 2: The Basic idea, is I have to come up with a way to Prove someone was there by checking in. I don't want to use passwords, because then someone can just tell someone else their password to type in. Any other suggestions? It doesn't have to be fingerprints.
850
For quicker access to supported websites and apps in Chrome, you can sign in with your Chromebook PIN or fingerprint. You can sign in with a PIN or fingerprint if: The website supports WebAuthn, a secure web authentication protocol.
Restarting your phone can get rid of some minor issues, such as an unstable Wi-Fi connection, frozen apps, or a faulty fingerprint sensor. So, the best fix for your fingerprint sensor might just be restarting it.
The report says a fingerprint scanner can be "hacked" by using a picture of the target's fingerprint, creating a negative in Photoshop, printing the resulting image, and then putting some wood glue on top of the imitated fingerprint so it can be used to trick many commercial scanners.
Set up your fingerprintUnder “Security and Privacy,” select Screen lock and sign-in. Enter your Chromebook password and select Confirm. Under “Edit Fingerprints,” select Set up. Select Add Fingerprint and scan your finger with the fingerprint sensor.
Biometrics are a very bad way to do authentication for many reasons:
Biometrics are not secret. Every time you touch something, you're leaving your password laying around. Every time your picture gets taken your facial image / retinal image gets copied. Passwords have to remain secret to be useful.
Like Borealid said, Biometrics are never scanned exactly the same twice. So when you do matching, there has to be some kind of fudge factor in allowing input. This:
Just makes it easier for attackers to copy your data and replay it, since they don't have to get an exact match. An attacker only has to get close to get accepted.
It forces the authentication server to store the your biometric info in plaintext. You can't hash biometric data like you can passwords, since then you'd have to match exactly with the hashed value.
So don't do it!
187
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
