Product Group Tests

GroupTest: Biometric tools

Group Summary

Biometrics are affordable and there are so many new types of reliable, low-cost products that there is something for just about any application. The problem, of course, is that new versions, new models and new applications are beginning to sprout like weeds in this space and not all vendors were ready to show their wares.

Scroll To Full Group Summary Below

Click for a side by side comparison of products
Click for a side by side comparison of products

Full Group Summary

A few years ago, we wrote about biometrics coming out of science fiction and becoming a very real and feasible option for high security applications, such as government agencies and high level areas in airports. Since that time, we are seeing these products and devices becoming affordable for almost any enterprise that wants to play. From scanners for access into physical areas to fingerprint scanners at every workstation, these devices are finding their way as everyday applications. Simply put, biometrics are becoming mainstream. We are seeing this product space continually growing, and the technology is becoming more and more affordable, as well as reliable.

Unfortunately, we did not have a lot of products to include in the group this month. Many of the vendors we contacted are getting ready to launch new products in the coming months and they did not want to have us feature an old and outdated product at the time of publication. This is becoming the hallmark of the industry - with maturity comes both technological and business acceptance.

Interestingly, I have a discussion question that I pose to my students that addresses this phenomenon. Three years ago, the students were posing all sorts of alternatives. This year the general answers were: why worry? Biometrics are affordable and there are so many new types of reliable, low-cost products that there is something for just about any application. This signals a sea change in both the state of the biometric art and the biometric marketplace.

The problem, of course, is that new versions, new models and new applications are beginning to sprout like weeds in this space and not all vendors were ready to show their wares.

Buying biometrics
It used to be easy. If you had an average network, you would use passwords and save the expensive biometrics for the high security applications. Then, you would bite the financial bullet and go for the appropriate product.

A year or so ago, it began to get easier. Many networks, and even individual users, could benefit from biometrics of some sort, and we even began to see thumb drives with biometric authentication.

This year, there is almost no security application where strong authentication is required for which you cannot find an appropriate biometric device. While it is true that some are trivial, all have advantages and all should be considered. For example, notebook computers with built-in biometric authentication are becoming commonplace.

The bottom line in buying biometrics is fairly simple. First, match the application to be protected to the appropriate level of biometric type and device. If you have a large population to protect, be sure that there is some form of centralized management, provisioning and deployment.
Second, be sure that the product you are buying cannot be bypassed simply by removing it. This is a problem with some add-in PC biometric access control products.

Finally, be sure that you are not spending $100 to protect $10 worth of assets. It really is that simple to move from reusable passwords to biometrics. The debate about biometrics versus one-time passwords is one we will save for a future issue, but even here, today's biometrics come out credibly.

How we tested
The test for this group was straightforward. For our test bed, we simply set up a Windows domain, which included two servers running Windows Server 2003 and a client machine running Windows XP. One of the servers was configured as a domain controller and the other as a member server on which management applications were to be installed. We created a domain user account which resided in its own Organizational Unit in Active Directory. From here, it was a matter of installing the devices where they fit. Access control devices were connected to the network for basic simulation tests, and the workstation devices were installed on the client workstation and tested using the test user account.


Michael Stephenson contributed to this group test.

All Products In This Group Test