Biometrics: Getting Back to Business

Computerworld - People and passwords—in the long run, they just don't work very effectively together. At least that's what Phil Fowler, vice president of IT at Telesis Community Credit Union, a Chatsworth, Calif.-based financial services provider that manages $1.2 billion in assets, found out. His team ran a network password cracker as part of an enterprise security audit last year to see if employees were adhering to Telesis' password policies. They weren't.

"Within 30 seconds, we had identified probably 80% of people's passwords," says Fowler, whose group immediately asked employees to create strong passwords that adhered to the security requirements. A few days later, the team ran the password cracker again: This time, they cracked 70%.

"We couldn't get [employees] to maintain strong passwords, and those that did forgot them, so the help desk would have to reset them," says Fowler. Telesis decided to secure network and application access with a biometric system that eliminated the need for user IDs and passwords, opting for the DigitalPersona fingerprint system from DigitalPersona Inc. in Redwood City, Calif.

The use of biometrics—the mathematical analysis of characteristics such as fingerprints, veins in irises and retinas, and voice patterns—as a way to authenticate users' identities has been a topic of discussion for years. Early commercial success stories have largely come from applying biometrics to projects with provable returns on investment: time and attendance, password reduction and reset, and physical access control. Though biometric work remains primarily in the pilot stages, the events of 9/11 pushed emerging commercial products to center stage—a spot some say they weren't ready to claim. Vendor focus shifted from the private sector toward the huge contracts many expected would be awarded in the public sector, say observers.

The attacks on 9/11 "brought focus to what was going on in biometrics, and [vendors] switched gears. Where previously they were thinking about [biometrics] for enterprise access, they decided government contracts were the next gold mine and jumped on that," says C. Maxine Most, president of Acuity Market Intelligence in Boulder, Colo.

Phil Fowler, vice president of IT at Telesis Community Credit Union Image Credit: Manuello Paganelli

Samir Nanavati, a partner at International Biometric Group LLC, a consultancy in New York, says the problem was more a lack of public-sector readiness than technology shortfalls.

"In 2001, the private sector was aggressively researching and testing biometrics, and the public sector had a couple of projects," Nanavati says. "After September, the biometrics industry reread the whole landscape and decided to gravitate toward the public sector, going after a market that wasn't ready for them." But, he adds, there are plenty of smaller stories of "biometrics hitting the bottom line" in the private sector.

Finger on Access