Just let your finger do the authenticating
GCN Lab Review | The DigitalPersona Pro 4.0 fingerprint reader provides biometric authentication and single sign-on capability
By Michelle Speir Haase
May 04, 2007
Accuracy has always been the bottom line for fingerprint authentication, but speed and ease of use are essential too. Without them, people will avoid using the system.
Today's sophisticated systems are a far cry from those on the market when we first started testing them in 1998. Both the hardware and software have improved, and we're impressed with the latest products.
One of these is the new DigitalPersona Pro 4.0 system from DigitalPersona. It's an enterprise single sign-on system, which means you can replace multiple passwords with a single fingerprint. For example, you could use your fingerprint to log on to multiple Web sites and applications in addition to your computer.
What's more, you can deploy it on notebook PCs with integrated fingerprint readers so users can benefit from the single sign-on capability. DigitalPersona is the only company on the market that supports embedded third-party fingerprint readers from major notebook PC vendors, such as Dell, Hewlett-Packard, Toshiba, IBM and Itronix.
Our system came with an optical fingerprint reader to use with a desktop PC. The reader's footprint is about 3 inches by 2 inches, and it connects to the computer via USB. It's only about half an inch high, is silver in color and features curved edges, so it looks good on your desk. DigitalPersona also makes keyboards with embedded fingerprint readers.
New features in Version 4.0 include faster user authentication, the ability to authenticate more users per server and an extended personal identification number length.
The system can now authenticate 3,000 users per server, which is three times as many as the previous version, and it can scale to more than 100,000 users.
The personal identification number length has doubled from four digits to eight digits, which enlarges the space of possible PINs. Administrators might choose to use PINs and/or smart cards in addition to fingerprints for the additional security of multifactor authentication.
DigitalPersona Pro 4.0 is built on Microsoft Active Directory, which it uses as a master security directory service and a storage repository for fingerprint templates and passwords.
Active Directory lets you assign enterprisewide policies and settings to network computers, even customizing the authentication process. For example, you can set the false-acceptance rate for fingerprint recognition or specify credential requirements.
The false-acceptance rate measures the likelihood that the system will incorrectly accept an access attempt by an unauthorized user. A system's false-acceptance rate is typically stated as the number of false acceptances divided by the number of identification attempts.
You can also use Active Directory to locate and administer users and resources across the network.
The administrative tools integrate with Microsoft's Management Console (MMC), and we found them very easy to use. Detailed explanations accompany each function and explain the effects of different settings.
We used the One Touch SignOn administrative tool to enable our test user to log in to several Web sites using a fingerprint. Enterprise administrators can use this tool to enable One Touch SignOn for hundreds of users.
The process was simple, and the next time our test user accessed the log-in page for one of the Web sites she was prompted to scan a fingerprint. Then a dialog box appeared asking for the username and password for that Web site. Users need to complete this process only once for each Web site.
After the initial setup, logging on to a Web site isn't quite as simple as merely placing a finger on the scanner, but it's close.
First you place your finger on the scanner, and a DigitalPersona menu box appears. Then you select the item called Quick Links, and you will see a list of all the Web sites enabled with One Touch SignOn. Click the name of the appropriate Web site, and you're logged in.
We liked the user experience with DigitalPersona Pro 4.0. Logging on to the computer was a breeze. The One Touch Logon feature replaces the standard Windows log-on dialog box, so all you have to do is touch your finger to the sensor.
If the administrator chooses to use multifactor authentication, you might have to enter a password and/or use a smart card, too. You can also use a fingerprint to lock and unlock the computer.
We give DigitalPersona Pro 4.0 a thumbs up. It's extremely user-friendly for both users and administrators.
The integration with Active Directory and MMC shortens the learning curve for administrators and keeps things standardized. The system is also customizable and secure.
The DigitalPersona Pro Workstation Package, which we reviewed, costs $149 and includes the fingerprint reader. The DigitalPersona Pro Server 4.0 software installs on Windows domain controllers and costs $1,499.