Security with bite: 15 technologies tested

Summary:In this special review, we round up the various authentication devices on the market. From fingerprint scanners, to single sign-on software and biometric technology -- we have the authentication market covered.

Authentication vs authorisation
Passwords and token devices
Single sign-on
Smartcards/Proximity Cards
Smartcards (cont.)
Biometrics (cont.)
Digital Certificates/Signatures
Notebook with fingerprint scanner
About RMIT


Like most authentication technologies there are several flavours of biometric technology: from the advanced handwriting and facial character recognition systems to the more common fingerprint scanners and quite a few technologies in between (iris, retina, and palm scanners).

There are almost as many uses for biometrics as there are types. While all five of the devices that we were sent from vendors for this review were fingerprint scanners, most of them had very differing uses. From simple desktop management of passwords, through to three-factor authentication purposes. I will briefly run through the products submitted.

APC sent us a Biopod Biometric password manager which is pretty much exactly that. Designed for use with a desktop machine connected via USB the administrator can enroll up to 20 separate users or 20 fingers (if one is lucky enough to have four arms, that is).

The software that is bundled with the device is very straightforward and easy to use. Whenever an application or Web site is visited that requires a user to login, a small system tray resident applet pops up and indicates that it has detected a username/password field and invites the user to register that password to be used with the fingerprint scanner. Two options exist, one which automatically submits the stored login credentials every time the application is opened or the site browsed to, and the second which prompts the user for their fingerprint upon detection of a previously registered application or site.

The BQT Solutions mib-BT913U device clearly provides for very strong authentication in one device, combining up to three factor authenticatio -- something one knows, something one has and something one is. The hardware component of this solution is a robust contactless card reader/writer with a biometric fingerprint scanner built into it.

The BioEncode 3.1 software runs on Windows NT, 2000, and XP. The card reader is setup as a USB serial device.

Once registered the fingerprint is stored on the card, which is a worry if the card is lost as someone potentially has your fingerprint, however it is preferable to someone cracking a server and getting a database of all employees fingerprints. It also helps in remote or distributed locations where individual authentication terminals may not be hooked into the central authentication information database system or the authentication data may need to travel across potentially hostile or compromised networks.

ComSec Enterprises shipped us a 128MB USB v1.1 flash memory key with an embedded fingerprint scanner. Enrolment took quite some time. But once we were registered the device worked well. Larger capacity and USB 2.0 would be nice, but it is still a step ahead, in the security stakes, of the normal (easy to lose) memory keys.

The Digital Persona U.are.U 4000 Sensor is quite a neat compact optical USB fingerprint scanner. The distributor Automa shipped us both the workstation and server versions of the application software. The workstation Pro 3.1 for Active Directory software runs on Windows XP, 2003, 2000, ME and even Windows 98. This solution provides for Windows machine login replacing the usual Windows username/password authentication system.

Microsoft submitted a device called the Fingerprint Reader which is manufactured by Digital Persona and internally appears to be the same as the Digital Persona device but has a trendy pearlescent paint job. The device drivers/application however is limited to use with the Microsoft Windows XP operating system only.

Recently the lab has also seen embedded biometric fingerprint scanners in portable devices such as Fujitsu and IBM notebooks and HP PDAs.

The Fujitsu sported a traditional fingerprint-sized pad while the IBM notebook and the HP PDA had a small strip scanner that the user runs his or her finger over.

For more information on the notebooks, click here.

An important tip when using fingerprint scanners is once authentication is complete, the finger must be slid off the scanning window to smudge the print. It has been known that some scanners return false positive IDs when a breath of air is blown onto the device or bag of water applied to a scanner with a residual imprint.

There are various other ways of "tricking" a fingerprint scanner and Steve Turvey sums these up in his biometric review in the February 2004 edition of T&B. Another problem is remembering which finger was used during the registration process.

When considering the biometric route look at a vendor's crossover error rate. This is the point where the rejection of legitimate users intersects with the false acceptance of unauthorised users. If a system is configured too tighty then legitimate user frustration can result in too many rejections/re-authentication requests coming through.

Vendor APC
Phone 1800 652 725
Technology Biometric fingerprint scanner/password management
Model Biopod Biometric Password Manager

For Microsoft Windows XP and Windows 2000 desktop machine use, we found it easy to detect and work with every login we tried.
Simple ease of use with a very intuitive front end application make using the APC biometric device a breeze.
Very well priced considering the ease of use and the benefit users would get from running a device like this.
2-year warranty is very good.

Vendor ComSec Enterprises
Phone 07 3222 6800
Technology USB memory key with biometric fingerprint scanner
Model 128Mb BioDisk Biometric Flash Disk
Price AU$119.95 for 128Mb (256, 512, and 1024 also available)
Works with USB so interoperates well but has limited capacity at 128MB and also is only a USB v1.1 device. Larger capacities are available though.
Certainly offers more security than a standard USB memory key.
For a memory key plus biometric device the pricing is not too harsh.
12-months warranty is average for these types of devices.

Topics: Security, Enterprise Software, Hardware

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.