Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Note: You can take 10% off all Slashdot Deals with coupon code "slashdot10off." ×
Security

Submission + - Laptop fingerprint reader destroys 'entire security model of Windows accounts'->

colinneagle writes: If your password management system is to use your "fingerprint as your master password," and if your laptop uses UPEK software, then you'll not be happy to know your Windows password is not secure and instead is easily crackable. In fact, "UPEK's implementation is nothing but a big, glowing security hole compromising (and effectively destroying) the entire security model of Windows accounts."

On the Elcomsoft blog about "advanced password cracking insight," Olga Koksharova had bad news for people who thought they were more secure by using biometrics, a UPEK fingerprint reader, instead of relying on a password. UPEK stores Windows account passwords in the registry "almost in plain text, barely scrambled but not encrypted." It's not just a few that are susceptible to hacking. "All laptops equipped with UPEK fingerprint readers and running UPEK Protector Suite are susceptible. If you ever registered your fingerprints with UPEK Protector Suite for accelerated Windows login and typed your account password there, you are at risk."

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Laptop fingerprint reader destroys 'entire security model of Windows accounts'

Comments Filter:

Real Programs don't use shared text. Otherwise, how can they use functions for scratch space after they are finished calling them?

Working...