Biometrics by the numbers
Biometrics picks up where passwords leave off, identifying users by unique individual physical characteristics: fingerprints, voiceprints, facial patterns, or even the motion of signing a name. Biometrics converts a physical characteristic into a number and generates a digitally encoded identifier based on this number. Because it is almost impossible for any two individuals to have identical traits, these numbers and algorithms essentially guarantee that each profile works for only one user.
These identifiers are numbers, not the actual fingerprints, voice prints, image scans, or motion scans. This is important for employees to understand, because they may object to being "catalogued"--having their fingerprint or retinal information stored on the client or the network. In the end, the only information stored is the unique digital imprint created during enrollment.
The biometrics advantage
Biometrics provides several potential security improvements over passwords alone. First, physical characteristics can't be forgotten or left behind. Second, it's almost impossible to fake a fingerprint, a voiceprint, or a signature motion. With both biometric verification and a password required for login, it's very unlikely that someone can use a stolen password for unauthorised access, as long as the servers containing the digital profiles are properly protected.
For the most part, administrators determine the level of security for each user and device. For example, fingerprint scanners can be set to test the print of a single finger or require all ten digits before allowing access. Putting a lot of data in a user profile, however, means that login takes longer. On the other hand, the more complex a profile is, the harder it is to replicate or fake.
Current biometric products are less expensive, simpler to deploy, and easier to manage than their predecessors. Some manufacturers concentrate on providing the hardware and back-end software for biometrics. Other companies concentrate on integrating multiple biometric technologies with existing Windows security and general network management infrastructure. There is, of course, much overlap in these offerings. What's important is that biometrics now integrates cleanly and easily within an overall network security management practice, including turnkey server kits and professional services that greatly simplify deployment.
How much does it cost?
Biometric devices start at under US$100 for a basic microphone or digital camera. Fingerprint scanners cost about the same. More specialised iris or retina scanners provide greater security but cost several hundred dollars per unit. Handwriting motion scanners require a digital drawing tablet (starting at around $150 per unit), plus client software (approximately $100 per seat) to work their magic.
Smaller organisations should look for devices that cleanly integrate with the security management already built into their operating system and allow for remote enrollment for offsite users. Larger organisations should expect to spend anywhere from $2,000 and up for each copy of server software plus client software and per-seat charges. Back-end administration and maintenance costs are comparable to any enterprisewide security management solution
