There is no foolproof way to protect your notebook data, but biometric security technologies can make it safer. Unlike passwords, biometric devices measure unique biological traits — like fingerprints, voice modulation or retinal images — and compare them to a stored profile. You can use the PC if, and only if, your biometric data matches the profile of the rightful user.
Fingerprint recognition, the most developed of these technologies, is now appearing in the corporate world. Both Acer and Compaq have released new notebooks with built-in fingerprint scanners. The units run on Windows 2000 Professional edition.
The devices are not error-free, so they’re best suited for businesses that need another safeguard for standard or somewhat sensitive data — not for top-level company secrets or environments where you need to log on quickly every time. To get started, you enrol one or more of your fingerprints in the units’ biometric database. During enrolment, the PC records your fingerprint minutiae — the characteristic bends and end-points of your fingerprint ridges. You repeat this process several times to verify the consistency of the results before the system adds your profile.
To log in, scan in your fingerprint again. The system then compares the new scan with the stored image. If a certain number of details match, you’ll gain access to your PC. You never have to match all of the stored details — this lets the system work even if you scratch your finger or position it differently on the scanner than you did before.
And therein lies the rub. If you require too many matched details for identification, you will get lots of false negatives — so you can’t get to your data. If you set the acceptance threshold too low, you’ll increase the number of false positives and may allow access to unauthorised users. Both of the laptops that we looked at enable you to alter this setting.
Acer’s $US3499 TravelMate 739TLV uses a Veridicom sensor and comes with two biometric programs: VbxCTR software controls rebooting and log-in, while WhoIsIt lets users encrypt directories and store passwords. Unfortunately, the two programs don’t share a single biometric database, so you have to enrol your prints twice.The $US3999 Compaq Armada E500 uses an Identix scanner. When sensing a fingerprint, the unit emits a red light, so you can easily tell when the scan is done. Another plus is easier enrolment. The Identix software is integrated with the Windows 2000 user management database, so you can enrol through an option in the log-in dialogue or by navigating the system dialogues.
Neither laptop’s biometric system worked perfectly. Getting the scanners to accept my fingerprint was like struggling to feed a faded five-dollar note into a vending machine — try and try again. On the reboot check, the Acer locks up after four failures and requires a hard restart before allowing four more tries. With practice — and patience — you can train yourself to present your finger more consistently. As a backup, both systems let you use a password to get in.
The Compaq’s biometric features seem better integrated with the OS, simplifying administration. The Acer’s WhoIsIt program, however, gives it a features edge, despite the inconvenience of double enrolment. The technology is far from perfect right now and mostly seems to solve one real problem: people often choose bad passwords. The first fingerprint scanning system to be available in New Zealand is the Identix system for Toshiba mobile PC users. Toshiba will ship the PC Card Fingerprint Reader as an optional add-on with all purchases of its range of notebooks or as an individual purchase ($515 — ex GST). The PCMCIA Card can be installed in notebooks with PC Card slots.