JP Morgan Chase has told staff moving into its new headquarters in New York that they must share their biometric data to access the multibillion-dollar building.
The investment bank had previously planned for the registering of biometric data by employees at its new Manhattan skyscraper to be voluntary.
However, employees of the US’s biggest bank who have started work at the headquarters since August have received emails saying that biometric access was “required”, according to communications seen by the Financial Times.
Getting nervous about the general public are we?
Sow:reap
Lmao my thoughts exactly. Not just the general public, if enough Republicans get nervous and finally vote to subpoena those files, they might have to be legally taken by force.
Who had “If House Republicans would just fucking vote for accountability, the villain officially breaking the law and protecting pedophiles would be the CEO of a big bank?” on their bingo card. 🙋♀️
Curious why they would want to protect a pedophile protector and those bank files. Unless…?
“Survival of the fittest! It’s the natural order of things. Let nature take it’s cour… Hey, excuse me! You’re not supposed to be here without a biometric scan!”
LoL! This post is STUPID! WHY would Republicans vote AGAINST Pedophiles AND rich People? Those are their ONLY Voting Blocks!
They also have idiots, let’s not forget them
I don’t think so, these places are ones that have the “yes, actually mossad” threat vector to defend against.
Like the general public already wouldn’t get in.
Biometrics aren’t passwords they are usernames, passwords necessarily change I’m not changing my fingerprints or iris or bhole or whatever they want to scan. With how easy it is to copy someone’s bio markers vs stealing their password this would be a huge security risk if they want to use it for entry to secured facilities.
Biometrics are not usernames. They are physical identifiers and unlike usernames you can’t change them.
I used to work in a datacenter that required you to go through a mantrap to access. It required three things:
- Something you have (a card key)
- Something you know (a PIN)
- Something you are (biometrics)
To get to the datacenter floor you use a card key to open the door to the mantrap. It’s a small vestibule about the size of a phone booth. Once inside the door closes. You then enter your PIN on a keypad and place your hand on a biometric scanner. Once your hand is recognized the inner door opens and lets you into the datacenter. I was told the mantrap also weighed you and compared that with previous trips through to make sure somebody else didn’t sneak through with you.
It’s usually used as a second factor. You have your I’d card (something you have) and your bio (something you are). add that with a password (something you know) and you are pretty good
I hate it when people steal my eyes and I have to get new ones. My mother’s maiden name is so much more secure.
You think it’s easy to steal someone fingerprint or iris in a way that will work on scanners?
How?
Waiting for a penis scanner.
Nothing stopping you from registering your penis on a fingerprint scanner as a fingerprint haha. Maybe just the ability to reach where the scanner is.
I have one of those. It’s called a wife.
How extensive is her database?
Infinite, as far as I can appreciate.
Staff: “But we don’t have to if we work remotely, right.”
JP Morgan Chase: “No remote work.”
Ooooh. I wonder what I can get into if I kidnap the ceo and scoop out an eyeball?! So exciting.
I feel like there’s some kind of middle ground between the notoriously insecure HID style building access card and providing biometrics.
I wonder if this has anything to do with a RTO push and people badging in for others. But then VPN usage would show that…
Are you telling me you don’t VPN into the office when you arrive to the office?
At one place I worked that was considered our two-factor auth….
Well, I do. But it’s because the security layers on the wifi are more strict than on the VPN to such a degree that I can’t actually connect to it from my work laptop.
If you can connect to the company vpn from the companies WiFi, they’ve configured their networks wrong.
Some companies do “internet only” wifi where there is no routing to internal services for anyone, radius or not. A VPN is required, even when at work, to access anything internal wirelessly. Its a perfectly reasonable config that lowers the risk of breach of your internal network by exposing less of it over the air.
This is also the nominal config for most zero trust networks, but that’s more a consequence of the “always on” nature of those VPN connections since you never have unencryted traffic anywhere, regardless of origin point.
Yeah that’s a good point. I work in a space that’s still very much traditional networks with tiered enclaves accessed by strictly controlled company owned machines, so I tend to forget that zero trust networks and being your own pc places exist tbh.
Our servers are in a data center and not in the office building. We work remote most of the time and are only in office for important meetings and other things where it’s just easier to work together when sitting on the same table. If you don’t work with confidential data like HR or top management where you have physical things nobody else should see, you don’t have a personal desk because there are more people working than workplaces.
So the office is just “another place to work”. Wifi and LAN are just for internet, you can’t access internal services without VPN. Makes it way easier to manage instead of having to different routes to maintain.
Not quite like that. There is an internal wifi that I can’t get onto, and a public “guest” wifi that half of the tech staff uses and VPNs from.
Basically the protected wifi only really works on locked-down windows machines, and those aren’t usable for most developers. It’s mostly mac and linux there, and while the protected wifi is supposed to work on those, the IT staff don’t know how.
Ah. That makes more sense.
locked-down windows machines
I’ve worked in IT since we used Netware with Windows 3.1
While I totally get what’s being said, it still makes me chuckle.
Maybe I should, to establish a pattern.
But then I’d have to go to the office. Ew. HR is there.
2FA the access card? Swipe your badge, receive a prompt on your phone “Are you trying to badge in at $BUILDING?”, hit allow, be granted access to building.
Another option would be badge + PIN code.
i take this to mean “shit on the fingerprint scanner”
Oh no, those poor innocent investment bankers
Im hoping for the breath access from aliens. Seemed so stupid that it might work?
Fire me
Biometric access requires staff to scan their fingerprints or eye to gain access through security gates in the lobby instead of swiping their ID badges.
You could not sign me up fast enough to be able to open my office’s door with my fingerprint or eye.
The systems that handle biometric logins for gigantic companies are usually pretty bulletproof and have been audited many times.
I’m guessing people on here will think this is the second coming of the devil though lol. I can only imagine the outrage if FaceID/TouchID didn’t already exist on phones and Apple/google/etc added it in 2025 🤣
