Den 11. okt. 2017 22.47 skrev "William Herrin" <b...@herrin.us>:
On Wed, Oct 11, 2017 at 4:32 PM, Jörg Kost <j...@ip-clear.de> wrote: > Do you guys still at least have biometric access control devices at your > Level3 dc? They even removed this things at our site, because there is no > budget for a successor for the failing unit. And to be consistent, they > event want to remove all biometric access devices at least across Germany. > Hi Jörg, IMO, biometric was a gimmick in the first place and a bad idea when carefully considered. All authenticators can be compromised. Hence, all authenticators must be replaceable following a compromise. If one of your DCs' palm vein databases is lost, what's your plan for replacing that hand? Basic two or three factor authentication: something that you know (password), something that you are (biometric) and something that you have (access card). You can tell your password to a coworker but he can not borrow your hand. Hence you need both. The password is the replaceable part.
