The Fingerprint As Password
There's one born every minute, boys and girls. We should take bets on when the first digital robbery occurs spoofing the output of one of these things. Cheers, RAH -------- <http://www.forbes.com/2004/05/21/cx_ah_0521tentech_print.html> Forbes Ten O'Clock Tech The Fingerprint As Password Arik Hesseldahl, 05.21.04, 10:00 AM ET Active Web users have lots of passwords to remember. First there's the log-in information just to sign in to a computer. Beyond that, an increasing number of Web sites that used to let visitors browse unencumbered are now requiring registration user names and passwords. More people are doing their banking online as well. And ever more people are ditching traditional e-mail accounts for Web-based e-mail from Microsoft's (nasdaq: MSFT - news - people ) Hotmail or Yahoo! (nasdaq: YHOO - news - people ). Password overload is a common problem. Both Microsoft and Apple Computer (nasdaq: AAPL - news - people ) have added new software tools to keep track of all your passwords, and Web browsers are increasingly likely to remember them for you as well. APC's Biometric Password Manager But whatever happened to biometrics? That's the science behind using a part of the body, such as a fingerprint or the iris of an eye, to replace a password. Wasn't biometrics supposed to be the field that would save us all from the frustrations of faulty password memory? If you've been waiting for the right device that will allow you to use a fingerprint to sign in to your PC and access the many password-protected Web sites you use, then your time has come. This week we tested a little device called the Biometric Password Manager from American Power Conversion (nasdaq: APCC - news - people ). This company is better known for its numerous power products, such as surge protectors, uninterruptible power sources and the like. APC's Password Manager plugs into the USB port of your PC. It sits on the desktop and whenever a password would be needed, you use a fingerprint to sign in. Software running on the PC associates the fingerprint with the user name and password and automatically enters them both and signs in the user. The product more or less worked exactly as described. Installation was pretty easy. A simple software wizard took us through the process of scanning the fingerprint, first for practice and then for real. The software supports up to 20 individual fingerprints, allowing for multiple users. It integrates easily with a browser, too. Aside from the system log-in, we trained the software to remember the sign-in information for a Yahoo! mail account. Doing so was a little less clear than was the initial setup and took a few tries. But once it was set up correctly, the fingerprint signed us in smoothly and instantaneously to check e-mail. The software also allows encryption of files on a PC. Say you've got an Excel workbook containing data you'd rather people outside your company didn't see, but which you don't need to refer to very often. You can lock it up with a password, but after several months that password may be difficult to remember. The fingerprint system makes that process easy. The unit is available for about $50. The software supports Microsoft Windows, starting with Windows 98, but doesn't support the Mac operating system. Mac users who want fingerprint security should investigate a similar device from Sony (nyse: SNE - news - people ), called the Puppy, which we'll test sometime in the future. Overall, APC's Biometric Password Manager seems a good value, offering a relatively simple method to avoid password overload. -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "This Way to the Egress" -- Placard girl in P.T. Barnum's circus
a) Why do I have the feeling that there is no way to tell which password a piece of software is asking for when you thumb it. Does the host machine get all of them and figure out which one it wants to use? b) How hard is it to bypass the check and simply pull the complete set of passwords out of it's memory. My guess it "not too fucking hard." At $50 a piece, they can't have spent too much (if any) on tamper-resitance, security review, etc. Anyone know how much cheap thumb scanner hardware goes for in bulk these days? -Jack On Fri, May 21, 2004 at 03:26:15PM -0400, R. A. Hettinga wrote:
There's one born every minute, boys and girls.
We should take bets on when the first digital robbery occurs spoofing the output of one of these things.
Cheers, RAH --------
<http://www.forbes.com/2004/05/21/cx_ah_0521tentech_print.html>
Forbes
[...]
participants (2)
-
Jack Lloyd
-
R. A. Hettinga