Location Taken: Caseville, Michigan
Time Taken: May 2008
I injured my thumb earlier this week, bad enough that it might end up with a small scar. I’ve had to wear a bandaid on and off for days, since this one has a tendency to tear open again, and isn’t healing fast. It’s been interesting discovering what I can and can’t do with a painful thump tip. Reading, using the computer, eating? Quite easy, don’t even notice the wound. Cutting things with knives, washing dishes? Painful. Opening packages of chips? That’s what tore open the wound one time.
But it has gotten me thinking about the human factors of security systems again.
Ok, I should explain the segue. Back in college I took a class in a building that had biometric locks to protect the computers from theft. You registered your hand the first day of class and the system would check various measurements each time to see if there was a match. Nice, simple, tough to spoof, right?
Well, the day before the first session of that class was the last time I seriously injured a finger tip. I’d caught my index finger in a heavy freezer door at work, and it made a serious rip that ended up leaving a scar you can still see today (if you know what you’re looking for, at least. Fingertips heal up well.) I had to wear a bandaid for weeks to keep it from tearing itself open again like my current wound is doing.
And, well, of course one of the things the biometric lock measured was shape of the fingers, and well, the bandaid changed the shape. I couldn’t be registered since my metrics changed every time I swapped the bandaid.
So for the weeks until my finger healed enough to be registered, I had to stand around outside the classroom and wait for someone else to come and open the door so I could slip in behind them. Which they were quite willing to do, of course. It’s only polite.
Now, in this case there was the added security layer that they knew I was in the class, but people did use this classroom when there was no class going on, to work on projects using the special programs installed on the computers, which meant a mix of people who didn’t know each other and thus no double check. And I really doubt the polite holding of the door habits changed during those times.
Theoretically all you’d have to do to steal those computers is wear a bandaid on a finger, claim you can’t get in so someone else holds the door for you, and then futz around on the computers until no one else was there. And then, of course, haul stuff out.
That’s probably why biometric locks didn’t really catch on that well. They’re a great concept. There’s nothing more secure than registering the exact people who can enter, right? Well, unless you’ve got some fancy device to prevent two people from coming in on one unlocking, you’re working against human nature. Both politeness and efficiency will lead to people holding the door open.
And really, as long as you’ve got that large of a weakness, you might as well go for the cheap option and just install a lock with a key.
