Everyone knows fingerprint-based security access systems are weak, because you can just cut off somebody’s fingers and use them to access the Top Secret Stuff.
So what about a system that uses eye/retina scanning technology to grant access? If some bold would-be thief/spy needs to get in somewhere that such a system is in place, and he scoops out the eyeball of someone who is on the approved access list, will he be able to get in? (Let’s assume the eyeball is as fresh as possible)
The title brings scenes of a radiation mutated giant eyeball doing battle with a robotic sentry to mind. Enucleated. Good for three Marvel movies at least.
That’ll depend on how the system is designed. If it just looks at the retina, a detached eyeball would reasonably work. If it additionally shines a light into your eye and checks that your pupil contracts, it should be dismemberment proof.
Would it be possible to circumvent this with a little salt and lemon juice? According to teh Intarwebs, applying these to dead fish can sometimes trigger muscle contractions. Maybe the same thing would cause a dismembered eyeball to constrict.
Maybe, I am not an expert on eye physiology. 
Thinking about it, a more robust solution would be this: the retinal scanner is located in a small antechamber. When the scanner detects a retina, the outer door (which should be bullet proof) closes. At the same time as the retinal scanner analyzes the retina it is presented with, one or more cameras analyze the general scene. If there is more than one person in the antechamber (potential hostage situation) or there is something else that is odd (such as the person there holding something up in front of their face) the doors remain sealed and security is notified.
The latest technique on TV crime shows is eyeball blood vessel patterns. They are supposedly unique to a person (and I think it said even identical twins have different patterns).
I would think that in an enucleated eye the blood vessels would be collapsed to the point of being unreadable. Or the vessels might get blown upon removal.
I recall an article many years ago about a bill changer (in a police station!!) that had to be removed because it was being used to give change to b&w Xeroxed copies of bills. The real question is, with any image scan security, what is used to scan, what is it looking for, and how easy is it to provide a simulated image?
One imagines a glass eyeball with a retina screen (sorry) on the back, capable of displaying whatever image is fed to it.
For what it’s worth, it’s considered best practice in security to rely on three factors: Something you have, something you know, and something you are. That is to say, you need to have a physical key object of some sort (which could be anything from a standard key to a USB dongle), you need to have a combination or password or the like, and you need to pass some sort of biometric examination like a fingerprint or a retinal scan.
How many factors is best for authentication depends a lot on the application. For low-risk scenarios, three-factor authentication is going way overboard. (For instance, it would be bothersome to use 3FA to unlock my personal mobile phone.) For the vast majority of scenarios, one- or two-factor authentication provides the right balance of security and convenience.
I have read articles about fingerprint and iris scanners that do some things to determine if what is being presented is a living body. Usually by looking at fluctuations in the scan caused by blood flow changes due to a beating heart.
I have read other articles saying it is not that hard or expensive to use gelatin to create copies of someone’s finger prints that you can put over you own fingers that will defeat finger print scanners and the temperature and heart rate sensors as well.
I don’t know about existing retinal scanners, but I think it would be very simple to combine facial recognition with a retinal scanner: a camera watches you as you walk up and position your eye against the scanner, and make sure that the eye is attached to the right part of the face, and perhaps even check if it’s the correct face.
Well, aside from the fact that nothing involving facial recognition is simple. But yes, it’s plausible that our computer technology nowadays has advanced to the point where that’s practical.
The disembodied eye would need to be very fresh, as in seconds. Without blood flow, the blood vessels that a retina scanner looks at in the eye will collapse. Also, in a few hours, something called “tache noire” will develop. This is a brown/black discoloration of the eye surface as it dries out.
Despite all that, retina scanners aren’t terribly popular as some people think the process is excessively invasive, dangerous, germ-spreading, etc. Iris scans are more popular as they can be done with an ordinary camera at a more comfortable distance, but they can be fooled as well.