 |
||||
|
|
|
||
|
Contents 
Introduction
The world's easiest business case?
The big sticking point
Putting your finger on it
Sidebar: Getting a feel for biometrics |
|
||
|
|
||||
|
|
||||
Such difficulties have dogged the growth of what should rightfully be an explosive market, given that password replacement is among the easiest business cases that a company could contemplate.
Not following? Consider the burden that passwords currently place on the IT organisation. Each user has one, or probably several, passwords, each of which must typically be changed every month or two.
Being human, users often forget their passwords, and must call the help desk to have them reset. Simply in terms of lost labour, Gartner estimates the cost of password resets at between US$51 and US$147 each, or US$400 to US$600 per user per year. Between 20 percent and 50 percent of all calls to IT help desks, Gartner research suggests, are because users need their passwords reset.
In other words, a modestly sized environment with just 500 users might be spending US$250,000 annually just to keep those users' passwords updated. These figures are often unavailable to most companies because they're subsumed within overall helpdesk costs, but when broken out of helpdesk costs they represent a significant line item.
Regular password changes also present an often ignored security risk, since authentication by phone requires helpdesk operators to establish to their satisfaction that the person on the phone is the person they say they are. While many companies will have clear guidelines for establishing this fact, such manual processes leave open a significant potential security hole that could be exploited by savvy social engineers.
Now consider the alternative: a AU$75 USB fingerprint scanner installed at each desktop, for a one-off cost of AU$37,500 in the same environment. Users can hardly forget their fingerprints, and both desktops and notebooks can be easily configured to limit access to those whose fingerprints are in the encrypted on-disk database.
Network applications can be secured in the same way, with scanned fingerprints generating a long and unique string of bytes that is infinitely harder for criminals to guess than a simple alphanumeric password.
The volume and cost of password-related helpdesk calls drop to zero, and users can get to the applications they need faster than ever. Particularly sensitive applications might get two or more layers of protection, but elimination of passwords for access to everyday systems nonetheless offers significant savings.
Standalone USB scanners aren't the only way to introduce fingerprint scanning, which certainly isn't the only form of biometric authentication, but it is the only one to have come down in cost enough to be a viable workforce-wide authentication option. Mice, keyboards, and several models of PDAs such as the HP iPaq have offered built-in fingerprint scanning for years; notebook makers have sporadically followed suit. For its part, IBM late last year released its first-ever notebook with an in-built fingerprint scanner.
For companies considering the introduction of biometric authentication, the widespread availability of fingerprint scanners may well make such devices worth considering during their next desktop upgrade. Under the cost equation discussed above, the small incremental cost of biometric-capable devices will be more than made up for by the potential savings from password replacement.
You *** head travis