U.are.U fingerprint scanner keeps access to your PC personal

U.are.U fingerprint scanner keeps access to your PC personal

By Pete Loshin

Special to GCN

Not only do I remember the days before PCs, but I once knew how to program the breadboard for an IBM Corp. card sorter. Installing new hardware and software has always been a hassle, but we're making progress.

Even with some unusual aspects to the installation, I managed to get Digital Persona's U.are.U fingerprint recognition system up and running under Microsoft Windows 98 in about five minutes.

In and out

First, the weird part: The installation routine's first instruction is to get your Win98 install disk so you can load some .cab files. Once you're done, you've got to stick the U.are.U CD back in the drive, and you'll see both a continuation prompt and the initial install welcome prompt.

The device's dim red glow brightens for scanning when it senses a finger nearby; I found the color unnerving at first but got used to it.

At $149 for the basic package, which includes a Universal Serial Bus fingerprint scanner and log-in management and screen-saver software, U.are.U offers an attractive solution for standalone security. A networked version is expected this summer.

If you opt for the U.are.U Deluxe that I tested, the price jumps to $199, but you get U.are.U Private Space software, which allows users of a single computer to encrypt their own personal areas. Though Digital Persona's documentation doesn't say anything about it, the encryption algorithm uses 128-bit keys with the Blowfish algorithm invented by Bruce Schneier.

U.are.U pretty much does what it says it'll do, and that is to replace the passphrase with a fingerprint scan. To log on to Win98, put your finger on the glass and U.are.U welcomes you in.

Enrolling a new user is easy. The user who installs the program becomes the security administrator and is allowed to run the enrollment program. Choose a finger from a mockup of a left and right hand, let it scan four times to get a solid reading and detect all the fingerprint attributes, and you're done.

You can even enroll more than one user identification for yourself, assigning separate fingers for different IDs.

From then on, you just scan your finger to log in; you can click an icon in the System Tray to activate a screen saver. At that point, only you can restore the screen by putting your finger down.

Though Digital Persona ships U.are.U Deluxe in a big, bulky box, the box is mostly full of air. It contains two CDs, the scanner'shaped and sized roughly like a small wedge of watermelon'and two very thin, 5-inch-square booklets.

Documentation is sparse but sufficient for most uses, and though you won't find much background information about what kind of encryption is in use or any information about false positives, you will find complete contact information for support, including a toll-free number.

In addition to log-ins and the screen saver, U.are.U comes with a password bank feature that allows you to link your fingerprint to passphrases used to access different systems from your PC. You can add, change or delete passphrases and applications as necessary.

U.are.U handily works as advertised. I can use it to allocate space on a shared family computer and keep my toddler away from his mommy's e-mail.

No single factor

The standalone version could be just the thing for securing isolated systems, while the upcoming networked version may provide an easy-to-use solution for some offices. But relying on fingerprint scanning alone as a single-factor access device may not give security sticklers the warm and fuzzy feeling of two- or three-factor systems.

Tips for buyers

  • Always be careful about evaluating security needs. A standalone security device may not be sufficient for a networked system.

  • Evaluate biometrics in the context of the environment and the population: Fingerprint recognition may not be feasible with field personnel under extreme conditions where, for example, dirt can prevent scanners from working.

  • Consider, for higher security, building a duress option that allows access while it silently notifies authorities.

  • Remember the overall security architecture and how biometrics fit in with Microsoft Windows NT or Novell NDS directories, or an Entrust or other public-key infrastructure.

  • Realize that biometrics are not the only answer. Token access control devices come in all shapes and sizes, not just smart cards and card keys. For example, the iButton from Dallas semiconductor Corp. of Carrollton, Texas, can be integrated into a key fob, watch, ring or money clip.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.