Biometrics gets better but still needs some work

 

Connecting state and local government leaders

The biometrics market is maturing past its once-flimsy hardware and confusing software.

The biometrics market is maturing past its once-flimsy hardware and confusing software.Two biometrics roundups ago, the GCN Lab could consistently fool a vocal-facial biometric duo by making animal noises at log-in.This time, however, each of the six biometrics products we tested could do its job. Our hacking efforts and animal impersonations failed to break into any of the secured systems.There's still plenty of room for improvement, however. Some biometrics programs are less user-friendly than they should be, particularly when installed under newer operating systems. Microsoft Windows XP, for instance, produced some software conflicts.[IMGCAP(2)]We reviewed four of the six products with the Saf2000 software tool from SafLink Corp. of Bellevue, Wash. It could run multiple biometrics products under one graphical identification and authorization (GINA) interface. Priced at around $50 per client, Saf2000 was easy to install on a Pentium III test PC with 256M of RAM.Because biometrics devices are only as strong as their operating system, we installed and tested each product in both Windows 2000 and XP environments.Price and ease of setup were factors in determining the overall grades. But we gave more weight to reliability, security and logical interfaces. If biometrics software gets too complicated, the administrator can easily make installation errors that render the safeguard useless while conveying a false sense of security.We recommend agencies adopt biometrics not to replace passwords but rather to complement them. Most biometrics programs by default will admit users based on recognition alone. That's like keeping the car doors locked but the windows open.We suggest reversing such defaults and requiring users to type in passwords, especially where networks store sensitive data.The most secure method we tested this year was iris authentication using the Panasonic Authenticam combined with Iridian Private ID iris-scanning software and KnoWho verification software.An iris forms before birth in a random process called chaotic morphogenesis. No two irises form identically, even on the same person. That should make iris identification quite difficult to circumvent, and to our knowledge it hasn't been done yet.The main drawbacks are the slowness of recording iris patterns and the intrusiveness of the enrollment process.By partnering with Panasonic, Iridian could devote all its engineering resources to improving the software instead of developing both hardware and software. The result this year was easier software setup and a less intrusive interface.Three years ago, it often took us several unblinking seconds'sometimes as much as a half-hour of attempts'to enroll a user successfully.This year we could speed volunteers in and out in a few seconds. Logging in was merely a matter of adjusting the distance between eye and camera.The price for the Panasonic Authenticam meanwhile has dropped as low as $99 online, with the average price around $219.Under Saf2000 and Windows 2000, Iridian's Private ID and KnoWho worked well and installed easily. But compatibility with Windows XP was another story.[IMGCAP(3)]We could not locate downloadable XP updates or patches on Iridian's Web site. Despite several attempts, we never made the software work properly under XP.Nevertheless, the Authenticam coupled with Iridian's software merited a Reviewer's Choice designation and an A grade for robust protection. Licensing costs the same as last year: $25 to $75 per seat depending on infrastructure.Although iris authentication is virtually impregnable, it theoretically could be hacked if, say, a terrorist killed an authorized user and removed an eyeball to present to the camera. But the iris decays rapidly after death, so the eye would have to be used within seconds.Despite our curiosity, we couldn't find a volunteer for such a test.Partly because of the possibility of removing or replicating body parts, two technologies have developed in fingerprint biometrics.Some fingerprint devices have silicon chips, others have optical sensors. Both types use algorithms to compare a fingerprint scan against stored characteristics called minutiae, but silicon chips have the additional ability to register heat, electrical impulses and blood flow.That would make it harder to fool a silicon-chip device, for example, by presenting a replica of an authorized person's finger. Also, silicon readers can integrate smart cards for extra security.That's the case with the Precise 100 MC from Precise Biometrics Inc., which received a Reviewer's Choice designation and an A- grade for easy setup, high security and smart-card integration.The Precise 100 MC stores and matches a user's fingerprint on the smart card instead of a separate computer. That improves durability because smart cards are far more rugged than fingerprint readers. Also, the data is less hackable on a smart card than it would be on a PC and is further secured by encryption.A Precise smart card works in any 100 MC device, so enterprise installation would be easy and relatively inexpensive. The 100 MC costs about $200 per unit and the smart cards about $10 each.Although Precise has stopped developing the software for its devices, we had no problems using Saf2000. But Saf2000 did not support the two optical sensors we tested. We installed them under Windows 2000 and XP using their own proprietary software.[IMGCAP(4)]The DFR-200 BioTouch USB from Identix Public Sector Inc. has been called the Rolls-Royce of optical fingerprint readers. Its GINA software installation wasn't as intuitive as that of the Digital Persona immediately below, but it came close. The BioTouch was considerably easier to use than the Digital Persona because weight and bulk kept it in place during use. Digital Persona's U.are.U Pro and U.are.U 4000 sensor had the most effortless setup in the review. All we had to do was install the software and plug the device into a Universal Serial Bus port.Changes to the GINA software also made it easier to log in than with many other programs, including Saf2000. Moments after placing a finger, we were logged in. The only problem was that the U.are.U was less bulky than the Identix optical reader and a lot less ergonomic. The sensor placement area was too large for fingers, which could easily miss the target. A thumb proved more accurate.Average Web price was $77, making U.are.U an economical alternative to silicon-chip readers.Silicon-chip readers tend to be more expensive enterprisewide and to fail sooner than optical scanners. Both drawbacks were present in the Sony FIU-710, better known as the Puppy.The Puppy had the sleekest form factor plus a carrying case ideal for travelers. But unlike the 100 MC, the Puppy did its own processing and storage. Losing or breaking the device would mean losing not only $200 but also the user's enrollment data. In contrast, a 100 MC user would still have credentials stored on the smart card and could log in with another device. Losing the card would require re-enrollment, but replacing it would cost $10.Sony's design was smooth, and the Puppy was easy to install and use under both OSes.To see photos from the biometrics tests, go to gcn.com and type 113 in the GCN.com/search box.

The Panasonic Authenticam helped the lab test both the top- and bottom-rated biometric applications.

Olivier Douliery

The Precise 100 MC reader and smart card worked together to offload processing from a PC.

The BioTouch USB was easy to set up and stable in use.

Sony's Puppy was small and easy to carry on travel. The unit processed fingerprint data with its own CPU.

Iris authentication stands out as the most secure biometric technique in use today















Work in tandem







































Easy installation
















Self-storage







GCN Lab technician Arthur Moser contributed to this review.
X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.