Product Group Tests
Biometric Tools 2007
The Bioscrypt VeriSoft v2.0 features a fingerprint scanner for biometrics but also is capable of managing user passwords, smart cards, proximity cards and virtual tokens. It performed very well throughout our testing. We award it Best Buy. The DigitalPersona Pro Workstation and Pro Server v4.2 focuses on making user names and passwords almost obsolete. We find this product to be a powerful performer and award it our Recommended.
Full Group SummaryToday’s crop of biometric products is innovative, work well and is acceptably easy to implement.
It is quite common to be able to perform multiple tasks with current biometrics. You can gain logical access to computers and networks, you can gain physical access to doors, and you can create biometric profiles of individuals using facial recognition.
We saw an interesting trend in the area of false acceptance and rejection rates: adjustability. Many products allow you to determine your tolerance for these two anomalies. This is important because in order to tighten these parameters you must sacrifice usability. You must balance your appetite for security with your patience for supporting high rejection rates if you set the acceptance rates too low.
If you tolerate low rejection rates — perhaps in the name of ease of user support — you may find that the false acceptance rate becomes too high and you sacrifice security for convenience. Adjustability allows individualization of the biometric access controls to fit the environment in which they are to be used.
Another trend — one that indicates that the field of biometrics is maturing — is the emergence of standards, both in the U.S. and internationally. We found that most of the products that we reviewed conformed to one
standard or more.
What to look for
There are some important considerations when you consider adding biometrics to your network access control plans. The most important, of course, is what you plan to use the biometrics for. Biometrics are still a bit pricey — although prices have come down over the years and continue to fall — so you need to apply the right tool where it really is needed. There are less expensive alternatives to biometrics, but for high security applications, biometric access control still is the platinum standard.
The second issue is what type of biometric tool is the right one for your application. Fingerprint scanners are the least expensive and offer the most choice of vendors. However, there are products that combine fingerprint scanning with some other form of authentication, such as a PIN or a smart card. Occasionally, a product will support all three for extremely secure access control, sometimes called strong authentication service, or SAS.
For robust authentication, pick a product that supports multiple authentication methods. It is useful if the product supports access to both the enterprise and physical locations using biometrically controlled locks. This allows centralized logging of accesses. Often, different methods are used depending on the requirements. For example, the door access may use SAS, while computers use only fingerprint scanners. However, some products allow you to combine the types of sensors into a single system and even to integrate with existing authentication infrastructures.
How we tested
Our testing this month was the most individually customized of any we have done so far. This was necessary because we had several types of products in the lab and they had different purposes. Generally speaking, we installed the biometric software (client and/or server, plus appropriate databases), plugged in the sensor (fingerprint scanner, facial recognition, etc.) and performed a suite of functionality tests. In these tests, we mostly were concerned with whether the product performed as advertised.
We were interested in how easy the product was to implement and administer, whether it did the things its developer claimed it could do, and whether we experienced large numbers of false rejection and acceptance rates. Those measurements were very unscientific since time did not permit the thousands of physical tests needed to obtain a statistically valid sample.
Generally speaking, we found that biometric products have increased in number, quality and standardization. Although they are useful today for specialized applications, we foresee the day when pricing makes them the universal replacement for other kinds of authentication in moderate to high security environments, instead of being restricted to very high security applications. We also found that most of the products we reviewed were highly competent. We had a very hard time selecting our Best Buy and Recommended products from this herd of winners.
Mike Stephenson contributed to this review.