Once the stuff of James Bond films, fingerprint-reading sensors have now gone mainstream as a way to log on to your computer, or on to Web sites you visit. In the consumer market, fingerprint recognition is sometimes sold as a better form of security, since prints are presumed to be harder to spoof or copy than passwords; and sometimes as a convenience, since it’s much easier to swipe your finger than to remember a bunch of passwords.
Even if they are used mainly as a convenience, fingerprint readers can contribute to security, because people using them are less inclined to adopt insecure methods for remembering passwords, like writing them on visible Post-it Notes, or using the same simple password again and again.
Still, fingerprint readers are relatively rare in consumer PCs, so we thought we’d try some out to see how easy and effective they are. We were curious about how simple it is to train a computer to recognize a fingerprint, how accurate the readers are, and how easy it is to use them instead of passwords.
We tested two laptops with built-in fingerprint readers — a high-end $2,149 ThinkPad Z60t from Lenovo Group Ltd., and Toshiba America Information Systems Inc.’s $1,899 Portégé R200. We also tried Microsoft Corp.’s $40 Fingerprint Reader, which attaches to the USB port of any computer, desktop or laptop, running Windows XP.
All three of these can use your fingerprint for logging on to a computer, rather than typing your password each time, and each can do the same for Web sites that require a user name and password.
Our conclusion is that these fingerprint readers were simple to set up and worked pretty well, but that some of the software that controls the process is confusing and could be a lot better. Fingerprint authentication isn’t perfectly secure. Nothing is. Some fingerprint readers have been fooled by plastic molds of fingerprints. But they sure are convenient.
Also, other types of biometric authentication are competing with fingerprints. While we were doing our tests, we got a look at one challenger, a gadget from Fujitsu that reads entire palms and the veins running through them. As your hand hovers palm-down over this device for a couple of seconds, special technology captures an X-ray-like image of your palm and its veins.
This technology is more advanced than fingerprint-recognition devices, as it won’t work unless it detects blood coursing through the veins in your hand. Also, Fujitsu says, it’s much more difficult to imitate another person’s internal structure, since it can’t be viewed by the naked eye, nor can it be lifted from a surface, like fingerprints. But it won’t be in consumer computers for years.
Microsoft’s Fingerprint Reader was straightforward. After loading its included software, we plugged it into our PC’s USB port. Its oval surface area was a perfect fit for a finger, making it the most comfortable to use, and its center glowed red once attached.
We followed a setup wizard to get started, selecting two fingers from a diagram of right and left hands. After selecting each — we used our right and left index fingers — we touched each correct finger onto the Reader four times to get an accurate scan. To use this recorded print as our password, we simply touched our finger to the Reader whenever opening a new browser screen that required password data. We had to type in our user names and passwords the first time, but after that the reader software allowed us to substitute a fingerprint swipe.
We tried various Web sites, including Trumba (the online calendar we use); the New York Times Web site; Evite.com, an invitation service; a cooking Web site called Epicurious.com; Yahoo.com; and Gmail.com. We couldn’t open Evite using Microsoft’s Fingerprint Reader, as it uses a Java technology that Microsoft explained wouldn’t work with the device.
When setting the Reader up with Gmail, we entered the wrong password for our account, and accidentally saved it with the fingerprint, so whenever we tried to use our fingerprint with the log-in page the wrong password was automatically entered. This was easily fixed by retyping the password within the device’s Log-On Manager.
This device works only on Internet Explorer 6.0 or above and the MSN 8.0 or 9.0 browser. If you ever should decide you no longer want to use the Fingerprint Reader, you can simply unplug it and go back to entering your passwords on required screens.
The Lenovo ThinkPad and Toshiba Portégé both use barely noticeable fingerprint recognition devices that are built into the lower right edges of their keyboards. Each worked the same way — by dragging a finger over it, top to bottom, like petting an animal with one finger.
But we found the Lenovo software, Client Security Solutions, to be much too geeky. For one thing, it confused us with two options for controlling the start-up of the machine. One was the familiar Windows log-in process, and the other was a “power-up” log-in, which occurs before the Windows screen appears and doesn’t exist on most computers. It was also possible to set up the Lenovo system in such a way that a different user was never given the opportunity to log in to Windows.
Also, an annoying screen offering fingerprint access to technical settings of the PC, something mainstream users would never use, would appear each time our ThinkPad was restarted, then disappear too quickly to read.
Lenovo told us that we could use its software to replace other passwords on the computer with our fingerprint, including those on Web sites — like the Microsoft device. We walked through about seven steps in the ThinkPad’s detailed Client Security Setup Wizard to enable this feature, and then started training the laptop to remember our user names and passwords for Web sites. But this process took much longer than the others, and in the end we still weren’t successful in swiping our fingerprint in place of Web site user names and passwords.
The Toshiba Portégé’s OmniPass Finger Print Software was much more user-friendly. A few explanatory menus walked us through how to replace our Windows log-in names and passwords with fingerprints, and replacing Web site passwords was just as intuitive. We simply typed in a Web site address — such as www.yahoo.com — and after entering our user name and password, selected a “Remember this password” option. A key icon appeared on the screen, which we dropped near the log-in data that we wanted to be remembered. The next time that site was opened, we simply swiped a finger instead of entering a password.
All three devices advise users not to rely on their fingerprint readers for absolute security, and instead, encourage them to create and use “secure” passwords — those that contain tricky combinations of numbers and letters — for very important password-protected data.
We were favorably surprised by how much time we saved by using our fingerprint, rather than typing passwords into various Web sites.
Fingerprint recognition is a smart solution for saving time and avoiding the memorization of long lists of passwords. Just make sure the system you choose is meant for average users, not engineers.
- Email: MossbergSolution@wsj.com.