Article by Rick Leinecker, January 3, 2007
It's right out of Star Trek - you touch a sensor and your fingerprint is verified. Or you look into a viewer that confirms your identity with a retina scan. Those futuristic means of identification are now here, and they significantly increase security. This new technology is known as biometrics, which is defined by Wikipedia.com as "is the study of methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits".
One of the dilemmas in the realm of security is the weakness of a system that relies on passwords. If you need a user name and password combination to access anything in the digital world, then it is vulnerable. Some users leave passwords on PostIt notes by their computers where they can easily be read. Passwords can sometimes be guessed, especially by coworkers and acquaintances. Passwords can sometimes be cracked with a technique known as brute force cracking. In short, passwords are not a perfect way to protect data and systems.
One very big step in protecting assets is the use of cards. The most common cards in use are credit and debit cards. This increases security greatly because not only do you need to enter a password at an ATM, but you need the physical card, too. (I'm purposely avoiding the topic of phone orders using credit cards because that's a totally different set of issues.) But beyond ordinary credit and debit cards, there are smart cards. American Express has one of these know as American Express Blue. It has a chip on it that contains much more information than your other credit cards. And most highly secure facilities issue smart cards to employees so that their access to various parts of the facility can be controlled and monitored (scary, huh?) I remember my days at MCI's Digital Imaging Division when my boss showed me just how much he knew about my day with a log of every room I entered along with how much time I stayed in it.
Even beyond passwords and cards are biometric devices. These can identify your fingerprints so that a positive identification can be made. This means that a user name, password, and fingerprint match are necessary to gain access. You can't lose a fingerprint (at least not very easily) like a card, so this system is far superior. You may have seen the movie National Treasure where someone's fingerprint was lifted from a glass. The lifted fingerprint was then used to create a fingerprint overlay that was part of the plot to gain access to a secure area. Fingerprint matching is pretty good, but not perfect as this movie shows. Although in almost every case fingerprints are close to foolproof.
You might be asking about cost. Surely these fingerprint readers must be expensive, right? They can be, but I just bought one at Best Buy for $19.95 - very inexpensive.
Retina scanners are even more secure than fingerprint readers. That's because you can't make a retina overlay from someone's eyeball as the fingerprint overlay they made in the National Treasure movie. Retina scanners are still rather pricey, and probably out of range for most small business.
The last biometric technique I want to mention is an embedded chip. Many people who require very high security have chips embedded somewhere in their body - usually right under the skin. These chips are in addition to the user name, password, fingerprints, and retina scans. When a person requests access to a resource, they are scanned for the presence of the embedded chip and its identity is verified.
I know what some of you are thinking. The next step is "The Mark of the Beast" from Revelations. I don't think so, but I understand the concern. It sometimes seems like things are moving towards that point with electronic payment accounts such a PayPal, biometric identification, and Social Security Numbers linked to everything we do. Just make sure you remember the possible dangers that could result if we give away too much of our freedoms.
That's the summary of the most common biometric technology that's available today.