Fingerprint scanners make good computer security easier

Eric E. Cohen//March 26, 2010//

Listen to this article

Are you security-conscious, or do you work with folks who perhaps are not as security-conscious as they should be? A little device is available-and might even be on your computer’s keyboard already-that could help you feel more comfortable in either situation. That device is a fingerprint scanner.

In this column, I would like to introduce some of you to that little glass-covered opening to the right of many touchpads on laptops, explain reasons for using it and offer some tips for using it more consistently.

Fingerprints are supposed to be unique, and fingerprint scanners rely on that uniqueness to restrict computer resources to authorized users. The fingerprint reader is the predominant biometric device used on mobile computers to verify a person’s identity.

When an authorized user places his or her finger on the reader, computer software recognizes the fingerprint and then, as appropriate, logs the user into the computer’s operating system, an important program or a secured Web site.

A fingerprint reader is standard on many business laptop computers, and often it is just to the right of the touchpad, the device that replaces a mouse on most portable computers. Many external keyboards also include fingerprint readers. Optional fingerprint readers can be bought as stand-alone, USB devices; some external mice also come with fingerprint readers, all for far less than $100.

So what is the advantage of a fingerprint reader over the obvious primary alternative, typing in one’s login name and password? Basically, one movement of a finger accomplishes the same as a lot of typing.

If you are security-conscious, you may be painfully aware that when you start up your computer in public-in a meeting, on an airplane, at a nationally known corporate coffee cafe chain from Seattle-someone may be watching, in person or by web-cam. When you log in to your computer with a finger swipe rather than by typing in name and password, you no longer have to worry about hiding your keystrokes.

Concerned about keystroke loggers or phishing attacks? Loggers have nothing to log if you aren’t typing, and phishing attacks don’t work when the software can’t be fooled by lookalike Web sites.

Are your co-workers somewhat less than security-conscious? Do they leave their passwords lying around on sticky notes or under their keyboards? Do they choose passwords like "password," "123456" or "qwerty"? When fingerprint scanners are available, you can force people to use longer and more secure passwords, with hard-to-remember combinations of letters, numbers and punctuation marks, with less pain.

Depending on the reader and the associated software, the fingerprint scanner may just get the computer started and logged into the operating system (which is pretty good on its own), or-in conjunction with password management software-it may log the user into virtually any program or Web site.

So if fingerprint readers are standard on many computers or are easily added, and if they have benefits both for those of us who are paranoid when typing our login names and passwords into our computers and for people who should be paranoid but instead are somewhat careless, why isn’t everyone using them?

Some users are happy enough with a password manager. There’s no extra hardware; you type one password to get started, and it takes care of the passwords from there. This means that a computer is "open" once that master password is provided, but it provides much of the value without the cost or training.

Some users try fingerprint scanners and then give up when maintenance is involved. Some software requires retraining each time the major password changes, which can be pretty often under corporate policy. Other users have to give up when changes in their operating system render their hardware unusable, which happened to some users with updates to Vista or Windows 7. Fortunately, you usually can still type a password even if the reader doesn’t work.

Getting started with fingerprint scanning isn’t difficult. Your computer or operating system will have software that will prepare the scanner for use. Normally there is a tutorial to help users get ready and then an enrollment process in which you teach the computer to recognize your fingerprints, for one or more fingers. You reboot the computer, scan your fingerprint, enter your login and password once, and from that point on, you shouldn’t need to re-enter the information again until there is a change.

If your software has the capability, each time you are presented with a login and password, such as for a program or a Web site, you can scan your fingerprint and enter the login information, and the software will do the work from that point forward.

How do you make working with computers more secure and passwords easier to cope with? If you thought you couldn’t quite put your finger on it, you might be wrong. Your finger and a fingerprint scanner may be an important part of the solution to password paranoia.

Eric E. Cohen, CPA, of PricewaterhouseCoopers LLP, is spending his time reinventing how accounting information is shared, with XBRL.org.