User authentication options: Using two factor authentication for security


This article can also be found in the Premium Editorial Download "Information Security magazine: Special manager's guide: Monitoring identities."

Download it now to read this article plus other related content.

How does biometrics work?

Biometric authentication is based on a physical or behavioral characteristic, including the face, fingerprints, hand geometry,

    Requires Free Membership to View

retinas, handwriting and voice. Many computer manufacturers are building in swipe fingerprint readers onto the case of the computer or its keyboard.

At the same time, Trusted Computing Group (TCG) is driving the adoption of the Trusted Platform Module (TPM) chip onto the motherboard of most business-class desktops, laptops and tablet computers. Manufacturers like Dell, Fujitsu, Hewlett-Packard, Intel, Lenovo and Toshiba have joined TCG and support the TPM module. The TPM chip is a microcontroller that stores cryptographic keys, passwords and digital certificates, and is accessed via secure channels built into the client software. Combined with built-in, swipe-based biometric readers, the TPM provides strong authentication and credential storage.

Pros and cons: TPM adoption by the major PC vendors, combined with free client biometric software, is driving down costs dramatically in this market and facilitating enterprise deployment. Standalone biometric readers such as fingerprint, retina and handprint scanners have historically been in the $100 range plus software costs. Currently, only fingerprint readers are being added to PCs at the point of manufacture.

The biometric software typically converts the fingerprint into a series of data points that mathematically represent the fingerprint, but cannot be used to recreate the fingerprint. Vendors vary widely in their implementation of this measurement process. The crossover error rate is a good measure of accuracy of the reader/software combination, but the readers themselves can be susceptible to errors.

Other issues to consider before choosing this type of biometric solution are what's required to effectively deploy and centrally control the required client software, and whether there is reporting to a central server on security events such as unauthorized access. The answers to these questions vary from manufacturer to manufacturer.

What to do: Look first to implement a built-in fingerprint reader/TPM solution for users that are accessing high-value data such as mergers and acquisitions material, technical research and marketing plans. Then consider deploying it in a measured way across the enterprise to other users, keeping in mind the time it takes to deliver client software to thousands of desktops and to enroll users' fingerprints with the readers.

This was first published in August 2006

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: