Good for you. When I say I won’t use stuff like this my friends and family mock me for being paranoid. It’s disturbing how quickly people will just do something because it seems cool and/or convenient.
You can change your password if it gets compromised. You can’t change your biometrics. Once a digital version of your retina, fingerprint, palm print, whatever gets leaked…you’re screwed.
I know they claim these things are locked away in HSM devices, but I don’t care. You’re trusting every single engineer, coder, tester, and mid-level manager with access to these things. It’s a long chain of trust in the typical “rush it out the door” corporate environment.
Real security and QA are the last things on their minds when they develop this stuff.