Time to gear up for biometric keyboards?

Designed to improve security and decrease help desk calls, biometric keyboards scan your fingerprint and authenticate you from encrypted fingerprint records in lieu of asking for a password.
Written by Laura Taylor, Contributor

Designed to improve security and decrease help desk calls, biometric keyboards scan your fingerprint and authenticate you from encrypted fingerprint records in lieu of asking for a password.

The leading fingerprint scanners work in conjunction with Microsoft's Windows operating systems and Novell's Network Directory Services (NDS).


Biometric keyboards instantly obsolete well-known password cracking programs like NTCrack, John the Ripper, L0phtCrack, and PWDUMP, all of which are based on deciphering dictionary attacks.

Biometric keyboards can solve a number of problems for network administrators: you don't need to specify password expiration times, since users' fingerprints never expire, and users won't need to call the help desk to have their passwords reset because they forgot them. While passwords can be exchanged and hacked, fingerprints cannot.

In my experience, management and administration of user passwords costs a typical IT organization from US$100 to US$300 per user, but despite that, you won't find biometric keyboards popping up everywhere yet. Aside from price--a new keyboard can run upwards of US$120 compared to around $20 for a standard keyboard - privacy concerns about scanning and storing personal data prevent some companies from employing the keyboards.

Government agencies, on the other hand, are embracing fingerprint scanners, because they are more concerned with protecting their data than preserving employees' privacy. The looming Health Information Privacy and Protection Act (HIPPA) is creating enough buzz about privacy to entice major healthcare providers to take a second look at biometric authentication technologies too.

When integrated with Windows, leading fingerprint scanner servers extend the operating systems' Security Accounts Manager (SAM), which is the database where all passwords or authentication records are kept.

In fingerprint-scanning devices, the fingerprint image passes through an extraction algorithm that hands it off to a matching algorithm. If the program finds a match, the user is authenticated. Even if a hacker were to break in and steal the SAM database, it would be useless without the actual finger to match it with.

Novell has also developed an authentication product that interoperates with most leading fingerprint scanners. Novell Modular Authentication System provides multi-factor authentication to NDS and stores encrypted fingerprint records in Novell's eDirectory.

According to industry analyst Steve Hunt at Giga Information Group, Novell's architecture "is superior to most since it is so well integrated with Novell's NDS eDirectory and Microsoft Windows."

Leading PC makers are starting to offer biometric authentication tools. Compaq now sells a Biometric Option Kit that includes a biometric keyboard. Dell offers biometric keyboards for large custom orders and is ramping up a program to sell biometric keyboards on standard orders.

IDC predicts the biometric market to increase at the same compound annual growth rate (CAGR) of PKI products, which is roughly 60 percent. Though I think that's probably optimistic, biometric keyboard growth is on a steady increase. Today, you can purchase a fingerprint-scanning integrated circuit from AuthenTec for US$20 and costs will continue to drop. After technology hardware devices reach single-digit costs ($9 and below), the speed of their adoption generally accelerates at rapid rates. I predict biometric technology will be ubiquitous on all keyboards within five years.

The undisputed leaders in biometric fingerprint technology development include Identix, AuthenTec, and Ethentica, while Cherry Corp. and Keytronic Corp. lead the way in integrating the technology into devices.

Identix uses optical scanning technology to capture and map out minutia points, or lines of intersection on your fingertips. The Identix fingerprint scanner is available as a PC Card or as an external PC add-on device that plugs into the parallel port, starting at around US$99. Identix has distributed more than 2,000 of its fingerprint scanners to Microsoft for testing and development purposes.

AuthenTec uses a sensor matrix, built into an integrated circuit, with more than 16,000 location elements (similar to pixels on a screen) to map crests and valleys on a fingerprint. AuthenTec's semiconductor approach can identify fingerprints that are covered with dirt, make-up, grease, and other scan-blocking goop.

Because it is an actual integrated circuit, the US$20 AuthenTec fingerprint-scanning product is more affordably priced than pre-packaged fingerprint scanners like those sold by Identix. However, integrating the circuit takes a bit more know-how than using Identix's pre-packaged PC Card, and Identix has created pre-packages drivers that integrate cleanly with Microsoft Windows and Novell Netware.

Ethentica offers fingerprint-scanning products similar to those of Identix and AuthenTec. Offering both PC Card form factor scanners (US$179) and USB-based (US$119) tactile sense scanners similar to AuthenTec's circuit-based technology, Ethentica fingerprint-scanning solutions are more expensive than those offered by Identix or AuthenTec.

One of AuthenTec's leading integrators is a company called Sense Technologies. Sense provides complete integration and support of the fingerprint scanner into a custom computer time and attendance system on the wall with a keypad. The system goes for US$5000.00, can support an unlimited number of users, and is fully integrated into their network IT infrastructure. For end-users who want instant capabilities for laptop authentication, Identix is a better choice.

Cherry Corp. produced its first biometric keyboard nearly three years ago. According to a spokesman for Cherry, the demand for biometric keyboards has increased significantly in the last six months. Top customers include federal agencies and computer resellers.

Keytronic Corp. sells biometric keyboards through resellers and through an online store. Keytronic's top customers are also federal agencies, both domestic and abroad, according to a company spokesman. European and South American government agencies are embracing this new keyboard technology faster than U.S. federal agencies.

If your organization is bogged down with password administration and security issues, fingerprint scanners offer advanced capabilities over traditional password based security. The increased security you gain through using encrypted multi-factor authentication prevents users from sharing login information, and, if installed correctly, can render stolen laptops useless.

Laura Taylor is the Chief Technology Officer and founder of Relevant Technologies. Ms. Taylor has 17 years of experience in IT operations with a focus in information security. She has worked as Director of Information Security at Navisite and as CIO of Schafer Corp., a weapons development contractor for the Department of Defense.

Editorial standards