Making Passwords Passe

Computerworld - Administrators face the unenviable task of designing security systems that meet their firms' needs but don't irritate users. So they try to balance effectiveness against convenience. While the two goals are mutually exclusive, new biometric products narrow the gap between them.
When selecting a log-on security system, you have to rely on one or more of the three authentication possibilities. You can base it on something users know (such as a password), something they have (like a token or smart card) or something physically unique about them (a biometric).
Passwords are cheap, plentiful and insecure. Tokens are handy but expensive and easily misplaced or stolen. Biometrics, which measure physical attributes with iris-scan, voice-recognition or facial-recognition devices, are usually costly and complex or affordable and unreliable. However, fingerprint scanners are a bright spot in this mostly dismal state of authentication strategies.

U-Match BioLink Mouse

$120

BioLink Technologies International Inc.

Miramar, Fla.

www.biolinkusa.com
Last year [Exec Tech, March 27, 2000], I tested a stand-alone fingerprint scanner that provided an affordable combination of security and convenience.
BioLink's recently released U-Match mouse takes the concept one step further. This $120 mouse contains a built-in thumbprint scanner and provides log-on security with no extra hardware on the desk.
It can be used for a stand-alone PC, but IT departments will be interested in BioLink's forthcoming server software, whose centralized administration speeds enrollment and helps assure compliance with security policies.
This server system and the U-Match mouse could reduce and maybe even eliminate password-related calls to the help desk. That alone might justify the server's cost of $3,500 for 50 seats.
BioLink says its mouse, unlike some older fingerprint readers, can't be fooled by Silly Putty imprints or cellophane-tape impressions of the thumbprint. In fact, the U-Match mouse can even tell if your thumb is still connected to the rest of you. I chose not to test this feature.
Despite its comfort and ease of use, the biometric mouse still adds a few seconds to the sign-on process. It can take even longer if it doesn't immediately recognize the fingerprint, as can happen when the thumb isn't aligned exactly.
And that's a problem. The possibility of a false negative is the reason nearly all biometric products need a secondary, overriding mechanism - and most opt for a simple password.
Unfortunately, having an alternate log-on procedure creates a real problem: Once the novelty of using the fingerprint wears off, users often routinely use just the password. For stand-alone use, typing ctrl-alt-delete can bypass the fingerprint scan.
In the server-based version, due