April 2006
Fingerprint scanners
A safe way to skip PC passwords
Log-in IDs, passwords, PIN codes, screen names, and online profiles. Does it seem like you have to remember way too much information
to use your computer and log on to the Internet? There's a better way to manage computer and Internet access: Use a biometric
security device such as a fingerprint scanner.
With a swipe of your finger, you can log in to your computer and home or office network. Can't remember that ID or password for a Web site you last visited months ago? Move your finger across the sensor and you're in. Using fingerprints instead of passwords also makes life easier for families that share one home computer, since many scanners can be set up to recognize different family members. What's more, the biometric device provides another security layer against hackers and unauthorized users.
Scanners are priced from about $50 and come in various forms. Some fingerprint scanners are stand-alone devices with no other function. Others are built into a keyboard or mouse or combined with a USB flash drive, a lipstick-sized storage device used to transport large files between computers. Most of these devices can be plugged into almost any computer with an available USB port. If you don't want an add-on device, you can get a laptop computer with an integrated scanner. These include the Lenovo Thinkpad R52 (see our Ratings on laptops, available to ) and models from Compaq, Fujitsu, Sony, and Toshiba.
Capabilities vary as well. The simplest scanners are used only for the computer log-in. Others also store Web site log-in and password data. Some flash-drive models protect data stored on both the key and on the computer attached to it; others secure only the data on the key itself.
The combination of convenience and security sounds great, provided these scanners work as promised. In preliminary tests of scanners from APC, Kanguru, SanDisk, and Sony--costing $50 to $130--we found that they did live up to their billing. Some models didn't always recognize our prints on the first swipe, but it never took more than a few tries to gain access. Just as important, all the tested units prevented unauthorized use, even when we tried to fool them with copies of authorized prints.
HOW THEY WORK
Fingerprint scanners read your fingerprint using either an optical method similar to the way a photocopier scans an original or a capacitive method that senses the difference in electrical charges between the ridges and valleys in a fingerprint.
Neither technology takes an actual print of your finger, so you don't have to worry that some hacker will be able to recreate your fingerprints and plant them at a crime scene. But by analyzing these patterns, called minutiae, a scanner can differentiate fingerprints unique to each individual.
When you first install the scanner, you have to "enroll" a finger and link it with a log-in process. It's best to enroll several fingers on both hands in case you have a cut on one finger or your whole hand is out of commission.
In most cases, you type in the required log-in ID and password and then click a button. The scanner will ask if you want to link your digital print with that log-in data. Subsequent log-ins to your computer or a Web site require only a swipe of an enrolled finger.
The scanners, such as the devices from APC and Sony, accommodate multiple users on the same computer and make the process fairly easy. Once the family has enrolled their fingers with the device on the home PC, for example, each member has a convenient way to log-in to their own computer "account," including Windows log-ins and Web site passwords.
Since the scanner remembers the log-in information, you can create "strong" passwords--lengthy strings of completely random letters, numbers, and symbols--instead of the common practice of using easily remembered and easily guessed, words. "Mxc!7tI8cW3L}fg," for example, is much harder to crack than "fluffy" or your child's name because it isn't in the online dictionaries hackers often use to break passwords.
That's especially helpful when dealing with multiple Web site log-ins. Even if hackers manage to crack one of your strong passwords--say, for your Yahoo! Account--your online bank account could still be secure since that log-in has a unique strong password.
WHAT WE FOUND
Setting up the scanners was simple but a bit time-consuming. Some models required three readings to enroll a finger; others needed as many as eight per finger. We found similar differences when using the products. Some scanners wouldn't recognize an enrolled finger on the first try, so we had to swipe it a few times. But we were always able to gain access.
Overall, access control was very good. None of the scanners allowed unauthorized access, even when we tried fooling them by lifting inked fingerprints and molded fingerprint casts using professional-grade materials. That suggests it would be extremely difficult for a casual user to circumvent the system. Still, we don't doubt that experienced, determined hackers with the right digital tools will be able to break through the protection offered by these fingerprint scanners.
The models we tested work only with Windows and with Microsoft's Internet Explorer browser. (We're aware of one Mac-compatible model on the market, the Sony FIU600/M Puppy, which allows you only to log in to the Mac operating system.)
THE BOTTOM LINE
A biometric device certainly isn't a must have. Well-conceived passwords can do a decent job protecting data, and many browsers save log-in information for many sites so you don't have to remember it.
Still, a fingerprint scanner can be handy if you use multiple computers and have user names and passwords for all the different Web sites you visit. It's also worth considering if you want to safeguard files on your computer or on a portable storage device. For less than $100, you can purchase convenience and peace of mind.
None of the devices we tested can do it all, though. The Sony USB flash drive manages Web site log-in and is the only one of the test group that safeguards data both on the drive itself and on the computer connected to it. But it doesn't manage Windows log-in. The SanDisk USB flash drive controls both Windows and Web access, but it protects only the data stored on the flash drive itself, not the files on the computer.
The two other devices we tested have more limited functionality. The Kanguru USB flash drive protects the files stored on it, but it doesn't manage access to your PC or Web site log-ins. The APC has no storage; it is simply a scanner that controls access to your PC and Web sites.
With a swipe of your finger, you can log in to your computer and home or office network. Can't remember that ID or password for a Web site you last visited months ago? Move your finger across the sensor and you're in. Using fingerprints instead of passwords also makes life easier for families that share one home computer, since many scanners can be set up to recognize different family members. What's more, the biometric device provides another security layer against hackers and unauthorized users.
Scanners are priced from about $50 and come in various forms. Some fingerprint scanners are stand-alone devices with no other function. Others are built into a keyboard or mouse or combined with a USB flash drive, a lipstick-sized storage device used to transport large files between computers. Most of these devices can be plugged into almost any computer with an available USB port. If you don't want an add-on device, you can get a laptop computer with an integrated scanner. These include the Lenovo Thinkpad R52 (see our Ratings on laptops, available to ) and models from Compaq, Fujitsu, Sony, and Toshiba.
Capabilities vary as well. The simplest scanners are used only for the computer log-in. Others also store Web site log-in and password data. Some flash-drive models protect data stored on both the key and on the computer attached to it; others secure only the data on the key itself.
The combination of convenience and security sounds great, provided these scanners work as promised. In preliminary tests of scanners from APC, Kanguru, SanDisk, and Sony--costing $50 to $130--we found that they did live up to their billing. Some models didn't always recognize our prints on the first swipe, but it never took more than a few tries to gain access. Just as important, all the tested units prevented unauthorized use, even when we tried to fool them with copies of authorized prints.
HOW THEY WORK
Fingerprint scanners read your fingerprint using either an optical method similar to the way a photocopier scans an original or a capacitive method that senses the difference in electrical charges between the ridges and valleys in a fingerprint.
Neither technology takes an actual print of your finger, so you don't have to worry that some hacker will be able to recreate your fingerprints and plant them at a crime scene. But by analyzing these patterns, called minutiae, a scanner can differentiate fingerprints unique to each individual.
When you first install the scanner, you have to "enroll" a finger and link it with a log-in process. It's best to enroll several fingers on both hands in case you have a cut on one finger or your whole hand is out of commission.
In most cases, you type in the required log-in ID and password and then click a button. The scanner will ask if you want to link your digital print with that log-in data. Subsequent log-ins to your computer or a Web site require only a swipe of an enrolled finger.
The scanners, such as the devices from APC and Sony, accommodate multiple users on the same computer and make the process fairly easy. Once the family has enrolled their fingers with the device on the home PC, for example, each member has a convenient way to log-in to their own computer "account," including Windows log-ins and Web site passwords.
Since the scanner remembers the log-in information, you can create "strong" passwords--lengthy strings of completely random letters, numbers, and symbols--instead of the common practice of using easily remembered and easily guessed, words. "Mxc!7tI8cW3L}fg," for example, is much harder to crack than "fluffy" or your child's name because it isn't in the online dictionaries hackers often use to break passwords.
That's especially helpful when dealing with multiple Web site log-ins. Even if hackers manage to crack one of your strong passwords--say, for your Yahoo! Account--your online bank account could still be secure since that log-in has a unique strong password.
WHAT WE FOUND
Setting up the scanners was simple but a bit time-consuming. Some models required three readings to enroll a finger; others needed as many as eight per finger. We found similar differences when using the products. Some scanners wouldn't recognize an enrolled finger on the first try, so we had to swipe it a few times. But we were always able to gain access.
Overall, access control was very good. None of the scanners allowed unauthorized access, even when we tried fooling them by lifting inked fingerprints and molded fingerprint casts using professional-grade materials. That suggests it would be extremely difficult for a casual user to circumvent the system. Still, we don't doubt that experienced, determined hackers with the right digital tools will be able to break through the protection offered by these fingerprint scanners.
The models we tested work only with Windows and with Microsoft's Internet Explorer browser. (We're aware of one Mac-compatible model on the market, the Sony FIU600/M Puppy, which allows you only to log in to the Mac operating system.)
THE BOTTOM LINE
A biometric device certainly isn't a must have. Well-conceived passwords can do a decent job protecting data, and many browsers save log-in information for many sites so you don't have to remember it.
Still, a fingerprint scanner can be handy if you use multiple computers and have user names and passwords for all the different Web sites you visit. It's also worth considering if you want to safeguard files on your computer or on a portable storage device. For less than $100, you can purchase convenience and peace of mind.
None of the devices we tested can do it all, though. The Sony USB flash drive manages Web site log-in and is the only one of the test group that safeguards data both on the drive itself and on the computer connected to it. But it doesn't manage Windows log-in. The SanDisk USB flash drive controls both Windows and Web access, but it protects only the data stored on the flash drive itself, not the files on the computer.
The two other devices we tested have more limited functionality. The Kanguru USB flash drive protects the files stored on it, but it doesn't manage access to your PC or Web site log-ins. The APC has no storage; it is simply a scanner that controls access to your PC and Web sites.
