It freaks me out. Something about a password stored on the outside of my body doesn't sit right with me. Anyone who has access to me has access to my password.

I don't know how far the technology has come, but a few years ago consumer fingerprint scanners could give false positives and let someone else in. Windows 10 is pushing this "smile to log in" thing with special certified cameras, and immediately twins jump to my mind, as well as holding up an HD phone with a video of you smiling.

Am I just paranoid?

Yes, you do seem paranoid about your systems security. And no, I have never said that was a bad thing.

Most people I talk to about this are all for it, not the slightest bit concerned about the issues I bring up. It just seems odd to me that in an age of people overly obsessed with privacy, this is the one thing that people aren't concerned about.

If Obama would stop taking away our guns, then we wouldn't have this problem.

ResidentBiscuit wrote:
If Obama would stop taking away our guns, then we wouldn't have this problem.

I don't see how this is relevant at all?

I agree with you LB, the whole nobody but you can log in is just a lie when using biometric login. After all, The Avengers teaches us that it is easy to steal someone's eye and use that to get through a secure biometric login. But seriously, it's easier for someone to find a picture/video of you smiling than to obtain your password if you use a secure one. A similar thing is I can't remember who does it but there is a system you can now get where you register all your accounts for as many websites as you want under a four number password so that you can log on easily. Which in turn means that all of your accounts online are accessible by anyone who can work out a four digit number, which is much shorter than most websites demand for a password.

The way I see it is that if someone has physical access to my computer I probably already have problems, regardless of how they intend to login to it. I think biometrics can be nice for 2 or 3 factor authentication mechanisms, but I have to agree that using them as the sole method is flimsy.

@ shadowmouse: That almost sounds like LastPass, although you can have longer passwords.

@ ModShop: Encrypting the drive mitigates the chance of someone accessing your disk in offline mode.

@ LB: I'm glad you're starting to see it then. People today aren't obsessed with privacy. The only thing that they are obsessed with is a feeling of safety, no matter how much of an illusion it is. Look at the recent stuff with that company LifeLock, the Feds called BS on their entire operation for the second time since its inception. Yet they still maintain enough of a customer base not to have to close shop and enough of an image not to have to even change their name. As long as you can comfortably walk that rather broad line between concerned operator and tin foil hat enthusiast, you'll be better off than 90% of the people out there.

A very simple article on security:

https://pciguru.wordpress.com/2010/05/01/one-two-and-three-factor-authentication/

I find it disconcerting that people still think a long or difficult to remember password alone is reasonable security for anything that is "really" important.