Product Group Tests
Biometric tools (2007)
Our Best Buy is Bioscrypt VeriSoft, which offers all-inclusive fingerprint authentication along with other methods and easy management.
For its ease of use and powerful feature set, we make Digital Persona Pro our Recommended product.
Full Group Summary
From fingerprint scanning to facial recognition, these solutions provide high-security access control to networks, PCs and buildings. Will passwords soon be a thing of the past? By Peter Stephenson.
Today's biometric products have come a long way from their unreliable, cumbersome early incarnations. They are innovative, work well and are acceptably easy to implement.
We found that it is quite common to be able to perform multiple tasks with current biometrics. You can gain logical access to computers and networks, you can gain physical access to doors, and you can create biometric profiles of individuals using facial recognition. The only disappointment was that we did not have the current version of a hand geometry product and a retinal scanner.
In the area of false acceptance and rejection rates we saw an interesting trend: adjustability. Many products allow you to determine your tolerance for these two anomalies. This is important because, in order to tighten these parameters, you must sacrifice usability. You have to balance your appetite for security with your patience for supporting high rejection rates if you set the acceptance rates too low.
If you tolerate low rejection rates - perhaps in the name of ease of user support - you may find that the false acceptance rate becomes too high and you sacrifice security for convenience. Adjustability allows individualisation of the biometric access controls to fit the environment in which they are to be used.
What to look for
There are some important considerations when you are planning to add biometrics to your network access-control plans. The most important, of course, is what you plan to use the technology for. Biometrics solutions are still a bit costly, even if prices have come down over the years and continue to fall, so you need to apply the right tool where it really is needed.
There are less expensive alternatives to biometrics, but for high-security applications biometric access control still is the platinum standard.
The second issue is what type of biometric tool is the right one for your application. Fingerprint scanners are the least expensive, and you have the most vendors to choose from in this field. However, there are products that combine fingerprint scanning with some other form of authentication such as a PIN or a smart card. Occasionally a product will support all three for extremely secure access control, sometimes called strong authentication service or SAS.
For robust authentication pick a solution that employs multiple authentication methods. It is useful if the product supports access to both the enterprise and physical locations using biometrically controlled locks. This allows centralised logging of accesses. Often different methods are used depending on requirements. For example, the door access may use SAS while computers use only fingerprint scanners. However, some tools allow you to combine the types of sensors into a single system and even to integrate with existing authentication infrastructures.
How we tested
This month saw the most individually customised testing we have done so far. This was necessary because we had several types of products in the lab and they had different purposes.
Generally speaking, we installed the biometric software - client and/or server plus appropriate databases; plugged in the sensor - fingerprint scanner, facial recognition, etc; and performed a suite of functionality tests. These were mostly concerned with whether the product performed as advertised.
We were interested in how easy the product was to implement and administrate, whether it did the things its developer claimed it could do and whether we experienced large numbers of false rejection and acceptance rates. Those measurements were very unscientific since time did not permit the thousands of physical tests needed to obtain a statistically valid sample.
Overall, we found that biometric products have increased in number, quality and standardisation. Although they are useful today for specialised applications, we foresee the day when pricing will make them the universal replacement for other kinds of authentication in moderate to high-security environments rather than being restricted to very high-security applications as is still the case now. We also found that most of the products we reviewed were highly competent. We had a very hard time selecting our Best Buy and Recommended products from this herd of winners.
- For details on how we test and score products, visit http://www.scmagazineus.com/How-We-Test/section/114/