Ask the Expert

How to protect a laptop: Biometrics vs. encryption

The executives at my enterprise have extremely sensitive information on their laptops. I'm considering deploying biometric authentication on these devices. My question is, if I use biometrics, how useful or necessary is full-disk encryption?

    Requires Free Membership to View

Actually, you've asked about two separate functions for protecting a laptop: strong authentication and encryption. While these two can be used in conjunction, they don't provide the same protection schemes.

Biometric authentication is used to positively identify the user at login. Full disk encryption prevents unauthorized users from accessing the system data. If you put biometric authentication on the laptop and it's stolen, without full disk encryption, there's nothing to prevent someone from pulling the disk drive out of the laptop, putting it in an external case and reading the data on another system.

It's worth noting that while it may seem like biometric authentication is superior to password-based systems, that's not necessarily true. Studies suggest that biometric authentication is in many ways easier to break. Your fingerprint "password" can be lifted from a door knob on the outside of a locked office, a coffee mug or even a keyboard left at a cubical. Even if you use optical recognition, the invention of 15 megapixel cameras may allow that group photo taken at the company outing, once blown up, to have enough detail to fool the optical eye scanner on a laptop.

It should also be pointed out that both biometrics and full disk encryption don't do any good if someone walks away from his or her laptop without logging out first (it takes little time to go to an active laptop, plug in a thumb drive and download many megabytes of information). My advice is use both full disk encryption and biometric authentication (ideally as part of a multifactor authentication scheme) whenever possible. The combination will ensure a high level of security for authentication and data protection. You can use biometrics as a "something I have" authentication method, but I wouldn't uninstall the full disk encryption software anytime soon.

For more information:

This was first published in December 2009

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: