if ear shape is unique for each person, it'd be nice to use it as biometric auth in phones. no stranger would be able to pick up calls, like they now can! (in fact, there're too many problems with it, so probably infeasible)


i think using rings for unlocking phones would be a good idea. you put on a ring, bring your phone close to it and enter the unlock password. next time you touch your phone with that ring, it unlocks automatically. if you take it off, it detects that, erases the unlock password from its memory and stops working that way.

more reliable than a fingerprint reader, easily disabled (just take it off), can't be emulated like other biometrics, but doesn't require entering the password each time either

@hirojin yeah, something similar, but more portable and suitable for use with phones

@leip4Ier i have a Yubi key neo, with NFC, and… it takes forever to find that spot on the phone where the two will talk

if i had a wallet setup on my phone, i would've been robbed blind from 10m distance

but, yeah, I've been talking forever about jewellery with Yubi keys!
the solution i have so far works okay, but, could be better pixels.helpchangethe.world/p/m

@hirojin i see! interesting. does yubikey unlock the phone or just act as a u2f thingie for websites? i always thought that its nfc is only needed for the latter, and maybe gpg apps.

@leip4Ier i use it for 2FA and GPG, too paranoid to let something do flaky (in terms of NFC) and so easily stolen be used for unlocking

i also have a Firefox sticker over the fingerprint sensor ;)

Oooh so that's how the magical rings in fantasy/legends worked?

I knew magic wands were really remote control clickers, but you just discoverd what magical rings were.

@leip4Ier The take off to forget part reminds me of the Nymi band. It uses/used ECG readings as a biometric authenticator. You needed to touch the opposite finger for it to get a good reading and unlock. Then if the band was removed it would forget the key.


The company is still around, but I don’t think they ever scaled up production of the bands to commercial product levels.

@nbering hm, never heard about them. yeah, it's similar to my idea, but more secure (i wonder if it would reject the finger of an unconscious body?) and more suitable for a corporate environment than for personal use.

@leip4Ier Their threat model seems to be designed for facilities security. Basically, a replacement for RFID cards.

In that environment, putting the band on someone who is unconscious to try and unlock something is probably going to be noticed.

It’s an interesting thought… The same problem would seem to exist for fingerprints, or a ring.

If your threat model includes someone willing to render you unconscious for your secrets, perhaps the best mitigation is a body guard?

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.