I would like to tighten desktop security by replacing/reinforcing the login passwords with fingerprints. The userID must match the user's fingerprint for logon authentication. My USB fingerprint scanner already has software that enrolls, verifies and stores fingerprints in a database in the form of templates. So how do I personalize/replace the Windows 2000 logon prompt to suit my fingerprint login needs?


Some commercially available USB biometrics devices, like the one you describe, come with installation software that modifies Windows 2000, Windows 2003 and Windows XP logon prompts for fingerprint readers. Three companies offering these products are BioCert, Saflink and Priva. These products actually replace the original GINA (Graphical Identification and Authentication), the component that displays the classic Windows logon prompt. They do this with a custom DLL (dynamic link library) written for the occasion.

Again, this is not an easy task for a valid reason. Remember, the logon prompt is the gateway into your system, so you wouldn't want just anyone to tamper with it. If you did, it would mean that anyone could write code to bypass Windows logons.

To learn how to customize a GINA for your particular fingerprint scanner, I suggest you read this security brief from MSDN: http://msdn.microsoft.com/msdnmag/issues/05/05/SecurityBriefs. This article not only guides you through the process, but provides sample code as well. Keep this in mind: should you decide to write your own GINA code, you may want to keep the user ID and password alongside your fingerprint login in your new personalized prompt, especially if you're looking for true two-factor authentication and the protection that it promises.

Finally, it's important to remember biometrics devices aren't replacements for passwords. The point of biometrics is to be part of a two-factor authentication system. Two-factor systems are generally stronger because they require two layers of authentication, while a user ID and password combination alone, or a biometrics device by itself, provides only one layer of protection. It's best to add biometrics to augment a user ID and password setup, rather than deploy it as a standalone, because it's only a marginally better authentication mechanism by itself.

This was first published in December 2005
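
Because a replacement GINA sits in the logon path, it is worth being able to confirm which DLL Winlogon is configured to load and that it is the file the vendor installed. The PowerShell below is an added example, not code from this article or from any of the vendors named: it reads the `GinaDLL` value under the standard Winlogon registry key (a Windows detail the article does not mention) and reports the file's SHA-256 and signature status. The function name `Get-GinaStatus` is hypothetical, and the script assumes a Windows 2000/XP/2003-era system with PowerShell installed and a GINA DLL placed in System32 when the value holds only a file name.

```powershell
# Added example (not from the article): report which GINA DLL Winlogon will load.
# Get-GinaStatus is a hypothetical name chosen for this illustration.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-GinaStatus {
    param([string]$KeyPath = $WinlogonKey)

    $props = Get-ItemProperty -Path $KeyPath -ErrorAction Stop
    $value = $props.PSObject.Properties['GinaDLL']

    # With no GinaDLL value present, Winlogon loads the stock msgina.dll.
    if ($value -and $value.Value) { $dll = [string]$value.Value; $valueSet = $true }
    else                          { $dll = 'msgina.dll';         $valueSet = $false }

    # Assumption: a bare file name refers to a DLL installed in System32.
    if ([System.IO.Path]::IsPathRooted($dll)) { $path = $dll }
    else { $path = Join-Path (Join-Path $env:SystemRoot 'System32') $dll }

    $hash = $null; $signer = $null; $sigStatus = 'FileMissing'
    if (Test-Path -LiteralPath $path) {
        # SHA-256 of the DLL, to compare against a baseline recorded at install time.
        $sha = [System.Security.Cryptography.SHA256]::Create()
        $stream = [System.IO.File]::OpenRead($path)
        try { $hash = [BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
        finally { $stream.Close() }

        # Embedded Authenticode signature, if the vendor signed the DLL.
        $sig = Get-AuthenticodeSignature -FilePath $path
        $sigStatus = $sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }

    New-Object PSObject -Property @{
        GinaDll = $dll; GinaDllValueSet = $valueSet; Path = $path
        Sha256 = $hash; SignatureStatus = $sigStatus; Signer = $signer
    }
}

Get-GinaStatus | Format-List
```

A `GinaDllValueSet` of `True` on a machine where no biometric logon product was installed, or a hash that differs from the recorded baseline, is the condition to investigate.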
