http://www.beatnic.co.uk/2005/02/18/chipnpin/ Observations and questions from Nic Price Wed, 3 Dec 2008 09:03:50 +0000 http://wordpress.org/?v=2.5.1 http://www.beatnic.co.uk/2005/02/18/chipnpin/#comment-87 Paul Richards Wed, 23 Feb 2005 00:14:58 +0000 http://www.beatnic.co.uk/?p=20#comment-87 The problem with it for me, and why it still feels insecure (though less so than the signature validation thing) is that a number string is not really unique to the individual it is attached to. It "feels that way", as if you own the number, but it does not really uniquely identify you. It only identifies you defensively/negatively and by default in that it relies on the owner NOT to reveal it. So, to my mind, the system is still fundamentally open to abuse...Though, as you say, making the input process less publicly visible would certainly help. To my mind, something like fingerprint, or eyeball detection would be much better, though to be implemented on the mass market would be a major undertaking and probably degenerate in to farce. Also, if you have ever seen Charlie's Angels the movie (the first, not the sequel), then you will recall it is theoretically possible to steal somebody's eyeball print! -): But maybe you need to be Cameron Diaz to pull it off. The problem with it for me, and why it still feels insecure (though less so than the signature validation thing) is that a number string is not really unique to the individual it is attached to. It “feels that way”, as if you own the number, but it does not really uniquely identify you. It only identifies you defensively/negatively and by default in that it relies on the owner NOT to reveal it. So, to my mind, the system is still fundamentally open to abuse…Though, as you say, making the input process less publicly visible would certainly help. To my mind, something like fingerprint, or eyeball detection would be much better, though to be implemented on the mass market would be a major undertaking and probably degenerate in to farce. Also, if you have ever seen Charlie’s Angels the movie (the first, not the sequel), then you will recall it is theoretically possible to steal somebody’s eyeball print! -): But maybe you need to be Cameron Diaz to pull it off.

]]>