Instigator / Pro
DynamicSquid's avatar
4
DynamicSquid
1566
rating
29
debates
56.9%
won
Topic
#1635

Biometrics are preferred over traditional passwords

Status
Finished

The debate is finished. The distribution of the voting points and the winner are presented below.

Winner & statistics
Better arguments
0
3
Better sources
2
2
Better legibility
1
1
Better conduct
1
1

After 1 vote and with 3 points ahead, the winner is...

Zaradi
Tags
Technology
Parameters
Publication date
Last updated date
Type
Standard
Number of rounds
3
Time for argument
Two days
Max argument characters
5,000
Voting period
One week
Point system
Multiple criterions
Voting system
Open
Contender / Con
Zaradi's avatar
7
Zaradi
1558
rating
4
debates
100.0%
won
Description

"Biometrics" - Using one's unique body signatures to identify individual people
"Preferred" - Would be better for society
"Traditional Passwords" - 1 2 3 4 5

Please refrain from juxtaposing biometrics or traditional passwords with ones of the historic past, or distant future. Limit your time span within reasonable lengths.

Round 1
DynamicSquid's avatar
DynamicSquid
Pro
#1
Hello Zaradi and thanks for accepting. Let's delve right into this.


I. Outline

Burden of Proof

Round 1 - My first argument
Round 2 - My second argument, and clash
Round 3 - My third argument, and clash

Arguments

1. Safe and Secure - What are the safety advantages of having biometrics?
  • Passwords are more unique
2. Convenience - How will biometrics be more convenient than traditional passwords?
  • Easier and faster to access
  • You can't "forget" your fingerprint
3. Saves Money - What are the economic benefits to having biometrics?
  • The ROI will easily pay for the implementation

II. Context

First, let's get to know what the problem it. What's wrong with traditional passwords?

  • By 2020, there will be 300 billion traditional passwords
  • 95 traditional credentials and passwords are stolen every second
  • 200 000 web logins get stolen every week. This includes traditional passwords found on websites and mobile apps
  • 3 out of every 7 people will have their passwords stolen at some point in their lives
But why is this a problem?

  • Stolen passwords will cost an estimated $6 trillion in damage by 2021 

III. Biometric Security

Now I will be getting into my argument about why biometrics is safer than traditional passwords.

  • Top researchers and scientists took 5 weeks to physically trick a hand scanner. 5 weeks!
  • The accuracy of fingerprint scanning  for most systems is well beyond 95%
  • Accuracy increases exponentially with more fingers -- Three fingers will result in an 100% accuracy
  • No two sets of biometric data is, or will ever be alike

IV. Conclusion

As you can clearly see now, biometric authentication is way safer than traditional passwords. I will be elaborating on this argument, along with introduction a new one, how it can be way more convenient.

Good luck!
Zaradi's avatar
Zaradi
Con
#2
Keep in mind three things:

  1. He provides zero sources to back up any of his factual claims. You should view his arguments extremely skeptically because of this. Compound this with him not unveiling all his constructive arguments in the first round, thus giving me less time/space to make responses to them, and you should be extremely doubtful of the validity of his claims. 
  2. This debate is on which is better for society overall.
  3. The debate assumes we use only one type of security rather than layering things. You should look at the advantages of a type of security on it's own rather than combined with something else.

ARG 1: Hackability

Say I come up with the password 'Hunter2', for full meme value. So long as I don't tell anyone else what this password is, it's private - only I have access to it. Barring sophisticated hacking skills, which your average person doesn't have access to, this password is secure. 

Biometrics, however, have a fundamentally impossible hurdle to clear - the key to the biometric lock is publically available. We leave our fingerprint on everything we touch. Our face and eyes are recorded by camera everywhere we go. Even our voice is recordable. So how do you use it to hack a biometric lock?

It's already been done. Just months ago, scientists in China discovered a cheap and effective way to bypass the 'aliveness detection' test on biometric locks using a pair of reading glasses, and black and white tape[1]. The knowledge of how to set up keyloggers and other complex means of stealing traditional passwords are out of reach of the common thief. A trip to Walmart, however, is something anyone can do.

Few key things to emphasize here - 

  1. Prefer my evidence for the lack of security of biometrics over his 'III' argument since I've cited my evidence validating my claim. He's yet to show any kind of evidence backing up his claims. 
  2. Prefer my analysis on the ease of hacking biometrics over his (unsourced) stats of how many traditional passwords are stolen - I've outlined the specific method and how easy it is to do. This is something that any common person can do, which magnifies the threat and impact to hacking biometric locks.

ARG 2: Impact

Aff makes a single claim for the impact of "stolen passcodes" costing $6 trillion by 2021. This claim is extremely problematic, at best.

  1. There's no source to this claim. 
  2. There's no context behind this claim - what is costing money? Who's money is being lost? How is money being lost?
  3. This claim is intentionally misleading - it's an estimate of the future, and doesn't make any claim as to damage done in the present.
  4. This claim doesn't make sense - how does me stealing my buddy's Twitter password cost someone/thing $6 trillion?

Biometrics, however, protect things of national importance[2]. With a stolen password, the worst harm is someone posts something embarrassing on Facebook posing as me or orders a bunch of pizza on my dime. When biometric locks are hacked, lives are ruined and identities are stolen and destroyed. You pick which is worse.

ARG 3: Reversibility 

The damage of a stolen password is relatively simple to fix - reset your password. This kicks the hacker out and forces them to re-hack your account to gain access again.

Biometrics lack this, however. I only have one fingerprint, or one eye. I can't just get another - they're a part of my body. If my biometric lock is hacked, the only recourse I have to re-secure my account is to ditch the biometric lock in favor of, you guessed it, a password. 

Sources:
Round 2
DynamicSquid's avatar
DynamicSquid
Pro
#3
Hello and thanks for following through. Let's get right into it...


I. CLASH

My opponent stated...

He provides zero sources to back up any of his factual claims
I completely forgot about sources. I did keep a record of all my sources, but then I got sidetracked, and yeah. My bad. You can now find the sources I used in the comments section (I might of missed a few through), and rest assured that I'll use them this time.

not unveiling all his constructive arguments in the first round
Well, there wasn't really a structure that you have to follow for this debate, and I even said that I will be splitting up my arguments into different rounds. I don't see a problem here.

So long as I don't tell anyone else what this password is, it's private - only I have access to it.
Let's break this statement down. First, you stated that if you don't tell anyone your password, then you are the only person that has access to your password. But that's what hacking is! It the process of (according to Google) "gaining unauthorized access to data in a system or computer." Hacks don't happen because we openly tell our passwords to everyone, hacks happen because someone gained unauthorized access to our passwords. There are many ways to get someone's password without them telling you. Why do you think thousands of passwords are stolen every day? Is it because thousands of people publicly announce their passwords? Oh, and keep in mind that it's also not limited to personal accounts. Companies and corporations get hacked too. Major databases and servers are also susceptible to hacking.

Barring sophisticated hacking skills, which your average person doesn't have access to, this password is secure.
"hacking skills [..] average person doesn't have". Well, of course regular people don't have hacking skills. Surprisingly enough, most hacks, or all hacks, are done by ... hackers. Who would of thought? "this password is secure". Like stated earlier, there are many ways hackers can hack passwords, and not just passwords. Data bases, servers, etc.

We leave our fingerprint on everything we touch.
Fun fact for you, most high end fingerprint scanners read the veins underneath the skin. And even if it is surface level scan, fingerprints are actually surprisingly hard to find, and difficult to use, especially in a crowded area. And once you have a two or even a three fingerprint lock, it's almost impossible to break in. 

scientists in China discovered a cheap and effective way to bypass the 'aliveness detection'
Break into a compound, knock out the security guard, put the glasses on, oh, and bring the glasses, and see if it works. Oh, and you have to do it before the police arrive. This sounds more like fiction than real life (check link in Con's speech to what I'm talking about, and see comments for a video demonstration of how it works).

Ease of hacking biometrics [..] I've outlined the specific method and how easy it is to do. [..] Any common person can do ...
So you're saying that after only checking two links, you are confident enough to hack any biometric authentication systems that uses: DNA, ear, iris, retina, face, fingerprint, finger geometry, hand geometry, gait, odour, typing patterns, vein, voice, signature, and more? That's a pretty bold claim. Oh, and keep in mind, that not all biometric authentication devices are the same, and when combining two authentication data, it becomes almost impossible to hack, or in this case, forge.

This claim doesn't make sense - how does me stealing my buddy's Twitter password cost someone/thing $6 trillion?
Again, another uneducated statement, which could be easily avoided with some proper research. Remember, hacks on traditional passwords also include unauthorized access to data, not just basic web logins. Hackers can steal your banking info, private credentials (social security number), fake being someone else to gain their benefits, and more. Also keep in mind that large corporations can get hacked too. The cost of repairs, retribution, investment loss, all add up to the cost.

The damage of a stolen password is relatively simple to fix - reset your password.
And have it hacked again. Oh, but it's already too late, your bank account just got stolen...

I only have one fingerprint, or one eye
What? I don't know about you, but I have 10 fingerprints and 2 eyes. Also, biometrics isn't as easy to hack as traditional passwords, so the chance of you having to reset it is very low.



II. CONCLUSION


It appears that I don't have space for my second argument, so I promise, I really do, that I will get to it in my next round (please don't penalize me).

Overview:

In this speech, I have thoroughly supported my case through numerous facts and statements, compared to my opponents unrealistic and uneducated claims, and his two links (my links are in the comments). I would highly advise for him to delve deeper into researching this topic.

Thank you.
Zaradi's avatar
Zaradi
Con
#4
- Theory -

Extend my argument that it's super unfair for him to hold arguments in reserve to the end of the debate because that gives me less time to be able to make responses to them so that we can, y'know, debate. His only response is that he didn't set up any explicit structure to the debate so it's okay but that doesn't address the fairness concern. Fairness is important because it's impossible to determine a winner and loser if the debate is skewed. Don't let him make new constructive arguments in the last round of the debate as I can't make new arguments to respond to them. 

Also, don't allow him to get away with posting sources in the comments. This lets him bypass the 5k character limit that he set up when he made the debate. And don't let him say I can just do the same thing as I already had to spend room in my last round listing sources where I could've made more arguments so the damage is done. This is a game-over mistake because it means literally none of his arguments have any evidence to back it up - I'm the only one with valid cited sources.

- Hacking -

Extend my argument saying that biometrics are fundamentally more hackable because the key to the lock (face, fingerprint, etc.) is publically available. And extend the evidence saying that things as simple as reading glasses and tape can bypass these locks, making them infinitely more vulnerable than a password. He makes two responses to this:

  • Hackers exist -
  1. At best this is non-unique. He's not denying that biometrics are hackable as well, so whether or not something can be hacked is a wash.
  2. At worst, it's a reason to vote neg rather than pro. Not everyone has the capabilities to hack a phone or computer. But anyone can go to Walmart and pick up some cheap glasses. This makes the risk of hacking far higher for biometrics which is a net negative.
  • Biometrics are harder to hack -
  1. Look back to my source. The most difficult part that they listed was that "you don’t want to wake up the victim"[1]. Hardly the elaborate story he wants to paint.
  2. Even if what he says is true, his own sources list ways to bypass this problem, such as "master prints" that can unlock a majority of devices and attacks on the databases housing the biometric data[3][4]. If anything this is a reason to vote neg rather than aff, because his arguments provide the illusion of security rather than actual protection, which could lead to people being more careless with their devices, making it easier for would-be thieves.
This section is super simple - either biometrics have more risks associated with them, making them higher risk to be hacked, or both sides are capable of being hacked and this section's a wash, and you look to the impacts and reversibility arguments.

- Harms - 

Extend my argument saying that biometrics are used to protect far more important things in scope than simple passwords, meaning that the damages from hacking are far more severe than money loss - people's lives are destroyed. He makes no response to argument. Don't let him make a new response to it in the last round. This is a clear neg vote.

Moreover, examine his source for how much money is lost due to hacked passwords[5]. There's literally nothing in this article that specifies damages from traditional passwords, rather it only says its damages from "cybercrime". This means his only impact applies just as much to him as it does me. It's non-unique. Clear neg vote here.

- Reversibility -

Extend my argument that it's far easier to repair the damage from a stolen password than it is from a hack biometric. This means that once your biometric lock is broken, there is no repairing the damage - you can't just get a new eye or a new finger. His only response is a joke saying he has 10 fingers, but his own sources say that this is a legitimate problem[3]. This argument is effectively dropped, don't let him make a new response in the final round. Clear neg vote.


- Summary - 

Aff tries to get away with a lot of unfair stuff, like using character space outside the round and holding arguments back to give me less time to respond to them. But he's super far behind everywhere else in the debate. Biometrics are just as vulnerable to being hacked, if not more so, and once hacked do more damage than if it were a standard password. Clear neg vote.

Sources:
[1] - See Round 1
Round 3
DynamicSquid's avatar
DynamicSquid
Pro
#5
Hello and thanks for responding. Let's get straight into this...


I. CLASH

My opponent stated...

- Theory -
Posting links in the comments is bad? And if you're out of ideas for your speech, argue with my outline, or reinforce/expand your existing arguments. And what do you mean "I'm the only one with valid cited sources"? Do you not see the links in my speech? Do you not see the links in the comments?

Nothing of what you've stated here is a big deal, and you're exaggerating it, making it sound like a "game-over mistake".

If something bothers you, please let me know, instead of juxtaposing it with your standards. Remember, I didn't specify a format to this debate...

biometrics are hackable as well
Yes, they are, but they don't get hacked 95 times per second.

But anyone can go to Walmart and pick up some cheap glasses
This doesn't work with fingerprints.

The most difficult part that they listed was that "you don’t want to wake up the victim"
No, the most difficult part is praying that the facial recognition system is the same one used in the test. Oh, you also have to make sure that there even is a facial recognition system in the first place. What about all the other biometric authentication systems I listed?

biometrics are used to protect far more important things in scope than simple passwords
Why? Because they are proven to be better for the companies that use them. You just contradicted yourself.

biometrics are used to protect far more important things in scope than simple passwords, meaning that the damages from hacking are far more severe
You misunderstand the topic. We're not comparing systems that already use biometrics, to systems that already use traditional passwords. We're saying that biometrics would be a better alternative to traditional passwords.

And imagine if those biometric systems were switched out for traditional passwords. Yikes!

There's literally nothing in this article that specifies damages from traditional passwords, rather it only says its damages from "cybercrime"
If you had done some research into it, like I advised, you would of found that a majority of the cyber crimes that they reported actually traced back to traditional passwords. If you clicked on the first study linked, and then research on each of the individual data breaches, you can find a lot of information. For example, the 2017 Equifax data breach could be partially traced back to traditional passwords. It wouldn't have been possible with secure biometric authentication.

You should trust my sources and do some research on your own, instead of questioning everything I talk about, otherwise this will lead to an endless back and fourth talking about off-topic source validation.

Don't let him make a new response to it in the last round. This is a clear neg vote.
Why are you saying all these negative things about how I should write my speech?

you can't just get a new eye or a new finger
Well that's why you have multiple. And what about blood vessels or iris? What about your retina or geometry? Even if fingerprints are useless, you still have so many more options.

don't let him make a new response in the final round [...] Aff tries to get away with a lot of unfair stuff
Why do you keep, in a way, attacking my speech, and accusing me of "unfair stuff"? If something isn't clear, tell me in the comments, instead of taking out your anger and wasting time on your own speech.


II. ARGUMENTS


Convenience - How will biometrics be more convenient than traditional passwords?

Here's an interesting study done by VISA:

  • 60% of people surveyed abandoned an online purchase because they forgot their credit/debit card
  • 32% forgot their password
Many studies confirm this.

As you can see, forgetting to bring your debit/credit card, or forgetting your problem is very common. According to Alex Simons, the director of Microsoft's identity division:

Passwords are the weak link [...] they're hard for you to keep track of
Biometrics can stop all of this. You can't forget your finger geometry or your vein structure.


Saves Money - What are the economic benefits to having biometrics?

Like stated earlier, forgotten passwords and related cases cost companies a lot. According to Okta:

IT needs to verify the identity [...] track down all the places where the password needs to be changed
  • Large companies spend $70 per password reset
  • Microsoft's IT spends $2 million a month helping people (and their own employees) to change their passwords
And like I stated earlier, you can't forget your biometrics, guaranteeing a ROI to the company or organization.


III. CONCLUSION

Society is advancing, and so are hackers. We need new and better solutions for the 21st century, and that solution lies within biometric authentication.

but ultimately the [traditional] password appears doomed in the face of a truly 21st century alternative - TNW
Please note all the wasted space Con used to try and attack my speech, and note how my cited information and countless facts and example outweigh his.

Thank you.
Zaradi's avatar
Zaradi
Con
#6
There are a lot of key drops made in my opponent's last round that make this debate super clear-cut.

- Theory -

Extend the argument I made that he shouldn't be allowed to make arguments in the last round as it gives me less time to respond to them so we can actually have a debate. He says it's fine because he didn't define a set structure, but he doesn't respond to the argument for fairness. This means his convenience and cost saving arguments shouldn't be weighed when voting.

And extend the argument I made saying he shouldn't be able to post sources outside of his round (i.e. in the comments) because it sidesteps the 5k character limit he made when making the debate. He makes no response to this, which is a game over mistake because his entire first round (i.e. his case) has zero sources. This means you're preferring my arguments to his. 

- Convenience/Savings -

You don't evaluate either of these new arguments since I'm winning the theory debate. But even if you don't buy the theory arguments I'm making...

  1. He's not giving you any reasons why these arguments matter. There's no impact to be found here.
  2. Forgetting your password is good as it forces you to reset your password, which increases account security and makes it harder for your account to be hacked. This means you vote for me rather than him off this argument.
  3. The harms of having your account hacked outweigh the cost a company has to pay to reset someone's password.

- Hacking -

Extend the second argument I made under "Hackers exist" that says that people are finding low tech ways to bypass biometric locks (i.e. reading glasses and tape). This means that the possibility for crime involving biometrics is a lot higher than traditional passwords because not everyone knows how to hack a phone, but anyone can go pick up a cheap pair of glasses.

And extend the second argument I make under "Biometrics are harder to hack" that says his own sources show multiple ways to hack a biometric lock without needing anyone's finger or eye, such as master prints or hacking the databases where the data is stored. This is a reason to vote neg rather than aff because his arguments of "oh you can't forget your finger" and "how do you get your eye stolen" only provide an illusion of security rather than actual protection. This could lead to people being more careless with their devices and make it easier for thieves to gain illegal access.

Both of these arguments go dropped from the last round. These are clear places to vote neg. 


- Harms -

Extend the argument I make that biometrics are used to things that are usually more valuable than a basic Twitter or DART account, meaning the results of them being hacked are catastrophically worse than when a traditional password is hacked. The only response he makes is that I contradict myself saying this but -

  1. This is a completely new argument and should've been made a lot earlier if he wanted it to have any credence.
  2. Wut? No I don't. You can control+f his statement ("Because they are proven to be better for the companies that use them.") and you won't find it anywhere in my rounds. Nor is this what my source says.
This section is a clear neg vote.


- Reversibility -

Extend the argument I make that it's easier to repair the damage when a traditional password is hacked than when a biometric lock is hacked, and that his own source agrees with me. He can make all the jokes he wants to regarding having more than one eye or finger, but when his own sources say that it's an issue, he should probably be making more effort to respond to this argument.

He makes no effort to respond to this argument, however. It goes completely conceded. Clear neg vote.


- Conclusion -

This debate is a pretty clear read. Biometric locks are just as hackable, if not more so, than a traditional password is. The damage suffered from a hacked biometric lock is worse than a hacked password. And it's easier to repair the damage from a hacked password than it is to repair the damage from a hacked biometric lock.