The Future of Security?

by MaxPower

When James Bond enters MI6 he would no doubt have to go through a variety of security checkpoints. Perhaps he goes past a guard who checks his ID card and then proceeds to a station where he speaks his name and a voice recognition program checks his voice profile against a master copy which could determine whether it really is Mr. Bond and whether he is under some sort of distress. Then onto a tertiary security check where Bond places his finger on a fingerprint scanner and finally to another door where he undergoes a retinal scan. This type of security is well-known in action and science fiction movies but recently has become the stuff of science fact, and not just in prototype form but used in everyday life. This is the science of biometrics and there is strong evidence to show that it will become the future of security.

Fingerprint scanning and identification has become the biometric of choice, basically because of ease of use and economics. Voice recognition would involve some complicated software and a microphone able to provide a clear recording of your voice ? this would be difficult in crowed rooms or areas where you would rather not speak. Iris scanning, while probably the most ?fool proof? method is fairly intrusive (you have to stick your head on an optometrist type device and hold still), time intensive and costly. Fingerprint reading on the other hand (pun intended) is a safe, secure way for people to gain added security through biometrics. One of the first places fingerprint scanning is being developed commercially is for your home computer. Microsoft has recently come out with commercially available fingerprint readers which help you manage security both online and on your computer. These readers come attached to a keyboard or as a standalone device priced from $75 – $160 Canadian. But what exactly do they do and how do they improve your home computer security?

The Microsoft fingerprint readers are designed to help users gain better overall internet security by linking your fingerprint with your online passwords and then remembering that association. This allows you to make stronger passwords with numbers and different cases without having to actually remember them.

The process works as such:

  • You hookup the fingerprint reader and install the software. The reader itself is no bigger than a credit card when stand-alone or just a small piece of the keyboard (situated over on the left hand side) when integrated. It glows a somewhat menacing red just like the bottom of an optical mouse. The effect, coupled with the black and silver keyboard, is fittingly high-tech.
  • You then have to get your fingerprints ?scanned?. The software?s setup wizard takes you through the process, which should take less than five minutes. You?re encouraged to scan more than one of your fingers in case you burn your finger or break your hand and you can?t scan it anymore.
  • The program takes four pictures of your fingerprint at different angles so that you do not need to place your finger on the reader at any one angle to make the reader work.
  • Once you have scanned your fingerprint you can then go to any website that you use a login and password. Once there you will be invited by the reader to associate your fingerprint with your user ID and password. So let?s say you go to Hotmail. You would type in your email address and password in a separate screen (automatically popped up by the program) and you?d be set. Next time you come to Hotmail you simply place your finger on the scanner and it will fill in both your email address and password for you.
  • The whole benefit of the system is that you should go around to all of your password-required sites and create new ?strong? passwords. Once completed you?ll associate that new password with your fingerprint allowing you access to all of these sites without needing to remember the passwords or writing them down.

If you are anything like me, you think all of this sounds great but you?re somewhat skeptical about how this biometric system actually works. When I first heard about it I must say I was dubious. Numerous questions popped into my head not the least of which was: ?Hey, I don?t want Microsoft having a copy of my fingerprint?. The answer to which is, they won?t. The program takes a picture of your fingerprint, breaks it down into binary, encrypts it and stores it on your computer?s hard drive ? apparently somewhere in the Windows registry. So first of all this data isn?t transferred back to Microsoft HQ to form a massive fingerprint database of all Windows users, and second of all, it isn?t actually your fingerprint, rather a digital association of what it ?would? look like in a picture.

After that was explained to me I felt a bit better but still had some nagging doubts. First of which was, what happens if some hacker breaks onto my hard drive and steals my ?fingerprint association file?? Well the hacker would then theoretically have access to those accounts associated with the file but they wouldn?t know which accounts had been associated with the fingerprint because that data is stored separately in the web browser. Theoretically, that could be compromised as well but it makes the hacking process more complicated.

Secondly, I asked – isn?t this process really just the same as getting a website to ?remember? your password for you? The answer was: not in the slightest. If you are always logged into a site, anyone who happens to be on your computer will be able to access that account. With the fingerprint association you don?t need to be constantly logged in for fear of forgetting your password. As long as you have your finger still attached to your body you?re good to go. (Even if you lose one finger they recommended you associate more than one finger on both hands ? remember?)

Finally, I came to the realization that even though there is risk that someone could compromise your computer and grab this info, there is a greater and very real possibility someone could compromise anyone of your passwords as it is right now. The way I see it, the Microsoft fingerprint reader system is like putting a ?Club? on your car. Is it a theft deterrent? Yes. Will it prevent your car 100% of the time from being stolen? Ask the car-jacker with a hacksaw how long it will take him to saw through your steering wheel and take the Club off. The Club is a deterrent because it is easier for a common criminal to steal the next car over that doesn?t have the club on it, however, a professional auto thief will make short work of that, rather feeble, security measure. Will this Microsoft fingerprint reader make your passwords 100% secure? No. Will it help you maintain better personal security by having different and complicated passwords for all of your password required sites? You bet. Microsoft does, however, issue one caveat; they suggest that ?this product should not be used to replace passwords for accessing sensitive data, such as financial information?. The way this caveat was explained to me is that you should take your most important website password (presumably your banking information) and not associate it with the fingerprint reader. This is so that if the system is compromised your most important data is still safe. The fingerprint reader system can still help you make your banking password more secure. Rather than just using an easily remembered ?stock? password for your online banking this would now be literally the only password that you did have to remember and therefore could be quite complicated. Nothing is as safe as an extremely complex password retained only in your mind.

Beyond the security consideration the ease of use is quite shocking. Let us run the theoretical ?mom? test ? will this new consumer product be easy enough that my mother could use it? I would say absolutely. The setup process takes two minutes and involves placing your finger on a scanner four times. The password association on each webpage takes longer and is a bit more complicated with different screens popping up and whatnot but once it is done once there is nothing to maintaining the system. You simply type in Hotmail.com, press your finger on the reader and you?re looking at your email. Plus there is the added convenience yielded by the ability to set up multiple accounts which makes this a great tool for households with more than one user on the same computer. Different fingerprints can be associated with different users on the same site.

But what of my last nagging doubt? The conspiracy-prone part of me has an ideological antipathy towards using my fingerprints in such a way that they could at some point be used against me. I came to the striking realization that no matter how good a hacker is, if they compromise the system they will still only have a binary representation of what my fingerprint would look like as a picture and there is no technology that is available which could be used to create an artificial fingerprint and frame me. Phew.

  • The Future of Security?
  • by MaxPower
  • Published on December 1st, 2004

More from :

Other recent features: