
Biometric devices improve but still need more work

There are many ways to defeat these devices, so you need to consider their weak points

BY CARLOS A. SOTO | GCN STAFF

Call me paranoid, but I have some good company. Most biometric security programs store the user’s unique physical characteristics on a hard drive, and Robert Flores, the CIA’s chief technology officer, says it’s easy to defeat them by hacking into the middleware [see story at www.gcn.com/vol1_no1/daily-updates/3618-1.html].

When I quoted Flores’ statement to the five biometric vendors in this review, they either changed the subject or essentially said, “Well, nothing is foolproof”—except for one company. Net Nanny Software Inc.’s representative not only agreed with Flores but also said that middleware vulnerability is what makes the company’s BioPassword effective.

BioPassword is the first behavioral biometric product I’ve tested that is not for password replacement but rather for password security enhancement. It compares a user’s log-in attempt against the user’s typing template in Microsoft Windows NT’s SAM database on the primary domain controller.

Password flaw

Most other biometric products, such as fingerprint or voice readers, give the option of defaulting to a password instead of a biometric log-in. This is a failsafe way to admit users in case of device malfunction, finger injury or laryngitis. But it also means that a hacker who knows the user name and password wouldn’t have to worry about the biometric portion of the log-in at all.

But say the hacker breaks into the BioPassword code and learns the user name and password. How does the hacker then reproduce the typing pattern? It’s next to impossible.

On the downside, there’s no BioPassword for standalone computers, and the version for Microsoft Windows 2000 just came out. You pretty much need an NT network with a talented administrator to install and run it.


