BioMouse fingerprint ID system digit-izes PC access

On the screen, a dialog box asked for my user name. After I entered it, the software
displayed a crosshair and invited me to place a finger on the BioMouse's red scanner.

When I pressed down my left thumb, a clear fingerprint image appeared along the bottom
of the screen, so I moved my thumb closer to the center of the sensor window. Almost
instantly the security window disappeared, and I was in.

That's how you gain access to a system running Microsoft Windows or SunSoft Solaris if
it's equipped with the BioMouse fingerprint recognition system.

Despite the name, the BioMouse has no other functions--it's not a pointing device.

Most people hate trying to remember passwords. Too many just select their own or
relatives' names and then write them down somewhere.

I have seen passwords on Post-It notes stuck right on the monitor.

Security managers have valiantly battled for better password use, to little avail. So
some are turning to low-cost biometric access-control devices, such as the BioMouse,
priced around $300 per PC.

The BioMouse scanner hardware and software compare a sample fingerprint against prints
stored in memory. The process is fast, secure and user-friendly, and the equipment is easy
to install and maintain.

To connect the fist-sized black BioMouse tube, I plugged in an included power supply
and connected it to a parallel port through a pass-through. Software setup took about two
minutes.

Each BioMouse user enrolls by entering a sample fingerprint three times and waiting
while the software compares the samples. You must press evenly on the sensor pad, but even
then the software is quite forgiving.

An office could boost security by instituting confidential user names instead of the
usual LAN password combinations of names and initials. If each PC has one designated user,
a default setting could skip the user name entry.

Recognition times in my tests averaged less than three seconds on a fast PC at the
default security setting: one false acceptance in 1,000 tries.

When I changed the security setting to one in 1 million tries, recognition still took
about three seconds. Only one authorization attempt lasted almost 10 seconds.

Bad finger placement can slow things down, but the software is not very sensitive to
inaccurate centering of a finger on the screen. If you have trouble, the scanned image
shows up with a crosshair target for placement.

I found no way to specify a maximum number of access attempts. That is the only flaw I
see in the system; I suspect government agencies would prefer to limit the number of
attempts.

In addition to fiddling with the false-acceptance levels, you can change the sensor
sensitivity to compensate for problems some users might have in getting a good fingerprint
image.

After three tries, the enrollment software gauges the image-match quality.

The rating ranges from 1 to 3, and the higher your security level, the better the
enrollment match should be. I reached the maximum quality during the first try.

The higher the security level, the more likely BioMouse is to deny a legitimate user.
So make sure users enroll with more than one finger. And I recommend trying it out a few
times before you activate it permanently. During default tests, you can still access a
computer by rebooting even if the BioMouse authorization fails.

Although the default image is a left thumbprint, a user can enroll prints of any or all
fingers. Always authenticate more than one print in case someone scars or loses a finger.

To guarantee that a high security setting won't lock out users inappropriately,
authorize at least two users for each PC. The backup users can be enrolled without
knowledge of their user names, so they still could not gain access to a PC without someone
else's consent.

If you set a default user, no list of other user names will appear, even in the setup
windows, until an authorized user gains proper access. You must know any alternate user
names, which can be up to 28 characters long, before another user can even try to
authenticate a fingerprint.

No users can simply pick names from a list of those enrolled unless they have already
presented a valid fingerprint.

The BioMouse recognition algorithm was tested under a National Institute of Standards
and Technology-approved test suite. American Biometric Co. claims certification for
security levels up to one false authorization in 1 million attempts.

Most offices should set up an administrator account for BioMouse. Without the special
account, anyone with access to any PC can enroll as an authorized user after the software
is accessed the first time each day. An administrator account also makes it easy to add
new users and remove old ones.

I tried 30 test fingerprints, and BioMouse passed only the correct one even at the
default setting, so I consider it secure. Recognition speed was fast, although once or
twice out of several dozen tries I had to reposition my finger.

The documentation was skimpy at 16 pages, but I completed the installation in a few
minutes without opening the booklet. There's also an online manual.

John McCormick, a free-lance writer and computer consultant, has been working with
computers since the early 1960s.