• Training news
  • 2009 news archive
  • 2008 news archive
  • 2007 news archive
  • 2006 news archive
  • 2005 news archive
  • 2004 news archive
  • 2010
  • 2011
  • 2012

• Bookmark and share
  • Technorati favourite
  • Delicious
  • Digg
  • Reddit
  • Facebook
  • Stumble Upon

• Recent pages
  • Windows 7 tweaks and tips
  • Mobile Internet takes off
  • .NET for IT professionals
  • Looking beyond Windows
  • The rise of the e-book

Giving your PC the finger

Does Microsoft's release of its first wave of fingerprint recognition products herald a new mainstream era in security: biometrics?

01 October 2004

Way back in April, our article 'biometrics - coming to a LAN near you, soon' talked about how maturing biometrics solutions were finding a place on today's security-conscious networks.

Retina scanning, smart cards, facial and fingerprint recognition recently seemed to be the stuff of science fiction. But no more. When a company like Microsoft releases a raft of fingerprint recognition products, you know that the technology is going mainstream. But don't get too excited just yet - as we see later, even Microsoft itself isn't recommending fingerprint recognition for where "security is important".

First, the products. These are pretty cool and pretty much have you reaching for your credit card. There's the optical desktop, which has fingerprint recognition built into the keyboard. There's the optical mouse, where sadly the fingerprint recognition isn't built into the mouse but into an additional fingerprint reader (we guess there's too much risk of sloppy finger-work on the mouse keep logging you in and out of Windows). Finally, you can get a standalone fingerprint reader.

All of the technology works in pretty much the same way. You install the drivers and hardware, and from then on, you can replace many Windows logins with your fingerprint. The most obvious of these is the initial Windows login - the reader can, like Windows, accommodate various fingerprints as 'passwords' and log the correct person into Windows. If you have Fast User Switching enabled, touching the reader will change the login to that person.

But there's slightly more too it than that. When you visit a Web site that requires you to login, all you need to do is touch the reader again. You then enter your login details as you normally would and click okay. But, when you go back to that site, all that you need to do is touch the reader with your finger and your details are automatically entered. Neat - and pretty addictive. There's no doubt that this is convenient technology - once you've got used to it, you won't want to go back. And, you'll groan if you have to use someone else's PC, with good old-fashioned passwords (if you can remember them, after a few months of using the reader).

There's a really great demo on Microsoft's Web site. Watch it, and be prepared to want one.

But don't get too excited just yet - because Microsoft isn't promoting this as a security tool. That's right, scour the fingerprint recognition pages of Microsoft's Web site and you won't find the word 'security' mentioned once. In fact, if you hunt, you will find this rather sobering statement: "The Fingerprint Reader should not be used for protecting sensitive data such as financial information or for accessing corporate networks. We continue to recommend that you use a strong password for these types of activities."

Which does leave one wondering several things, such as: how accurate is Microsoft's fingerprint recognition? How secure is the technology? How easily is it bypassed? Could Tom Cruise use your amputated fingers to gain access to your PC, as in Minority Report? If you add a reader to a PC, does that PC become less secure?

It's worrying, because, providing the implementation is good, how can fingerprint recognition be less secure than a username password - which can be stolen or guessed?

It's a shame - because the main reason that most people (and especially companies) will want to use this technology is security, not convenience. So, ten out of ten for cool; four out of ten for actual usefulness.

We suspect that Microsoft is just putting its toe in the water. The company has taken a lot of heat for security issues and probably doesn't want to float this kind of technology as a security panacea until it's had some kind of market testing. A year or so out in the real world will probably see most issues quashed and a second release of a more secure version of the technology which is more suitable for corporates to adopt.

Biometrics is still set to be the security of the future - and products like Microsoft's new range are the first steps towards the real mainstream.