The PINprint Pilot's log-ins are very iffy
- By Carlos A. Soto
- Jun 27, 2002
The PINprint Pilot attached to a handheld Palm OS computer needed a couple of tries to read prints because finger placement could vary.
(GCN Photo by Henrik G. DeGyor)
Should a personal digital assistant have biometric authentication just like a PC?
Yes, according to Applied Biometrics Products Inc. The company's PINprint Pilot fingerprint reader works with Palm III, V or VII handhelds.
I tested the bulky, 3.25- by 2.25- by 1-inch silicon chip fingerprint reader with a Palm IIIc, but the reader often refused to accept the fingerprints I had enrolled.
Poor design of the finger slot meant my fingertip assumed different positions when I tried to log in. On average, it took a couple of attempts each time.
This sort of design flaw was common with earlier-generation biometric devices.
Another problem the PINprint Pilot shared with older biometric products was slow operation. It took several seconds to read a print. When the device occasionally froze, I had to reboot and start over.
A third design flaw was poor marking for where the two AAA batteries should go. The slots were accessible only after I slid the face of the reader off.
Two software programs came with the device on a floppy disk. PINprint enrolled new users, and PBioLock managed the reader. Both installed on the PDA through a PC in about five minutes.
With any fingerprint recognition device, I recommend enrolling at least two fingers and leaving the option of using a password if necessary. But the PINprint software would still let me log in to the PDA even if the print reader malfunctioned or I forgot the password.Security problem
That's a huge backdoor that defeats the purpose of biometric security.
To maintain some degree of privacy in case of PDA loss, the PINprint software deleted the stored password and fingerprints and made me re-enroll when I said I had forgotten the password. It also deleted information in the PDA marked as private.
When I chose the Forgot option, this message appeared: 'Deleting a forgotten password will remove all records marked private. Previously synchronized private records will be restored at the next HotSynch operation. Do you wish to proceed?'
It's no comfort to me to know that any thief who stole my PDA could use it and the $175 PINprint device, too.