Scott Harmon had dreamed of better password security for the City of Glendale. The assistant director of information services thought it was beyond his tight IT budget, until he read an article in an industry trade journal that made him do a double take. "Fingerprint systems were available for a few hundred dollars per PC. I thought they ran about $500 to $1,000 per device," he says.
Steve Richmond, Glendale's IT security analyst, began researching vendors and products. About a year ago, Richmond ultimately selected the U.are.U Pro Fingerprint Security System from Digital Persona Inc., which met the city's criteria: it's easy to use, requires only an available USB port, and lists for $150 per device. The unit works with any Pentium-class PC running Windows 2000, NT, Me, 98, or 95 (version 188.8.131.52 B).
"We heard good things about Digital Persona," says Harmon. The company had the highest market share for this type of solution, according to industry research at the time, he adds.
U.are.U Pro consists of both hardware and software. The fingerprint sensor, which is smaller and flatter than a PC mouse, reads fingerprints at any angle, even upside down, according to the vendor. The sensor's cable plugs into a USB port.
In less than half a day, Richmond and Harmon had half a dozen fingerprint sensors and the Pro Workstation Software operating in the IT department. It takes about five minutes for a technician to set up a sensor on a PC, says Harmon. First, the technician installs the software on the PC, which replaces the logon screen with a U.are.U screen. New users then register one or more fingerprints, on one hand or both. The sensor requires four images of a finger to create a unique biometric signature. The technician must reboot the PC for each application he registers--in Glendale's case four times, for Outlook, Windows NT, NetWare, and the screensaver. Both the user and the PC administrator must register with each PC.
During a month of testing, the IT staff tried to dupe the sensors. They tried running a photocopy of a fingerprint over the sensor, as well as a latex imprint of a fingerprint. "The sensor couldn't be fooled," Harmon says. Even when Harmon accidentally took off a few layers of skin on the fingers of both hands when he acid-washed his pool, the sensor still recognized his biometric signature.
Encouraged by the testing, IT ran another pilot of U.are.U Pro in the police department, and soon rolled out fingerprint sensors to all 200 machines in the division. "Security is the police department's number-one concern. They don't want anyone wandering through the department to be able to access a PC," says Harmon. He reports that all the feedback from the police department has been positive.
To date, the City of Glendale has purchased and installed about 320 fingerprint sensors in five departments--IT, police, finance, redevelopment, and management services.
Thanks to the fingerprint sensors, the help desk no longer receives complaints about forgotten or lost passwords. This has freed up a half day for a full-time technician--a savings of about $20,000 a year. Given that the city invested about $45,000 in the fingerprint security solution, it can expect payback in about 24 months. What the city can't put a price tag on are the benefits of enhanced security and better protection of the city's data.
Replacing all passwords
The One Touch Password feature of U.are.U Pro allows administrators to replace all the passwords on each PC. At the City of Glendale, one fingerprint scan gets users into Windows NT, NetWare, Microsoft Outlook, and the PC screensaver.
The plan is to replace the authentication routine on every city employee's PC with biometrics. Each division is responsible for purchasing its own copies of the product.
In the future, the IT department hopes it can afford the $1,499 U.are.U Pro Server Software that enables centralized administration and installation. Harmon also may buy sensor-integrated keyboards, and is waiting for some test units to arrive. "It will be cleaner. Users won't have to have another device on the desktop," he says.
For IT staff, replacing passwords with the fingerprint technology is a dream come true. "We have tighter security, it's easy for the user, and we have a satisfied audience," Harmon says.
Only one glitch
The City of Glendale uses PCs from Dell Computer Corp., primarily Dimension 4100s but also 8100s, and has a mix of operating systems, including Windows 98, 2000, and NT, and even a few Windows 95 machines.
When the city's IT department installed the U.are.U Pro fingerprint sensors on its client PCs, it encountered only one glitch--the fingerprint system interferes with the sleep mode on the Windows 95 machines, preventing a machine from coming out of sleep mode. Harmon alerted the vendor to the problem but wasn't able to get a satisfactory resolution. "We just decided not to install it on these devices," he says of the Windows 95 machines, which are few in number.
The only other issue for IT is having to tell users to clean their sensors periodically with Scotch tape, the same way you'd remove lint from your clothes. Users touch the sensor an average of two to 15 times per day.