Touch-and-go computer access
- By Michelle Speir
- Mar 07, 2000
Testing by Michelle Speir and Lisa L. McNair
When trying to increase computer system security, new procedures often can
be burdensome, forcing employees to remember multiple passwords or learn
new routines.
Biometric security devices, such as fingerprint recognition devices,
can help. They combine the security of biometrics the use of physical
characteristics to identify a person with an easy-to-use interface. In
this case, it's the touch of a finger.
TouchPass 2.0 from NEC Technologies Inc. is a client/server solution
designed for large installations, unlike the fingerprint recognition systems
we reviewed last year from Compaq Computer Corp. and Digital Persona Inc.,
which work only on client machines.
The NEC system consists of an optical fingerprint scanner called the
BioMouse, an A/C power adapter and software to install on a Microsoft Corp.
Windows NT 4.0 server and a Windows NT 4.0 or Windows 98 client. The system
also can be used on stand-alone workstations. The BioMouse is available
in a parallel port model, which we tested, or a PCMCIA model for use with
notebook computers.
The concept behind fingerprint readers is simple. Once a computer is
turned on and reaches the log-in prompt, the user places a finger on the
optical scanner. The scanner compares the current fingerprint image with
an archived set of images stored as mathematical representations and performs
a one-to-one match. If a match is found, the user is logged in to the system.
The recently released TouchPass 2.0 that we tested offers tighter integration
with Microsoft's network administration tools than did TouchPass 1.0. The
new version has other nice enhancements, such as the ability to generate
random passwords to fulfill Windows NT 4.0's password requirement and the
option to log in using a fingerprint and a password. Within the next few
months, NEC plans to release a version of TouchPass that is compatible with
Windows 2000.
Setting up and configuring the system was not difficult, but we did
find some things not to our liking. The most inconvenient feature was the
separate A/C power adapter. (Neither of the systems we reviewed last year
needed an external power source.)
The worst aspect of the adapter is the location of its connection to
the BioMouse scanner. Instead of connecting to the scanner itself, the A/C
adapter connects to the side of the scanner's parallel port plug, which
gets connected to the back of the computer. This setup causes the A/C adapter
to stick out at a 90-degree angle, which may block access to any port next
to the parallel port.
On our client workstation, the PS/2 mouse port is next to the parallel
port. Since PS/2 plugs are relatively small, we were able to squeeze them
in while we had the TouchPass A/C adapter connected. However, a serial port
next to the parallel port on our server could not be used at the same time
the adapter was connected.
The TouchPass server software blends seamlessly with the Windows NT
User Manager for Domains. You can add new users with the standard NT administration
tools, but there are a few extra steps required to enroll fingerprints along
with each user.
After filling in the appropriate information in the New User window,
you click on the TouchPass button to set log-in rights and register fingerprints.
Four options are available: biometric log-in only; both biometric log-in
and password required; either biometric log-in or a password; and password
log-in only.
You can enroll up to 10 fingers for each user. TouchPass suggests enrolling
at least two in case a user injures a finger. The enrollment process involves
capturing the fingerprint image three times.
We found the TouchPass scanner to be a little more temperamental than
those from the systems we reviewed last year. We experienced a lot of bad
reads and had to keep adjusting our finger positions (on-screen messages
instruct you to move the finger up, down, left or right). In fact, we were
never able to register the index finger of one of our testers. Even when
a finger seemed to be in the right position, the system sometimes instructed
the user to adjust the pressure.
While NEC recommends leaving the system settings at their defaults to
ensure proper security, administrators can adjust threshold values if registering
and reading fingerprints seems too difficult or takes too long.
The wizard-guided installation of the client software was simple. Just
be sure you know the server's IP address; you will need it during the installation.
The TouchPass manual lists an IP address to use for a stand-alone installation.
The TouchPass software modifies the Windows NT log-in screen slightly.
The TouchPass logo appears on it, and the screen instructs users to place
a finger on the scanner or to press CTRL-ALT-DELETE to log on. The fingerprint
is not actually scanned at this point; it just gets you to the next step,
where you must type in a password and/or place a finger on the BioMouse
for scanning.
Logging in with TouchPass was easy most of the time, but the system
occasionally had trouble reading the fingerprint image. We occasionally
had to scan a finger repeatedly to gain access. This became frustrating
because it was difficult not to overcompensate when the software instructed
us to reposition the finger. Interestingly, the finger could be rotated
up to about a 45-degree angle and the image could still be read.
Overall, this is an effective and easy-to-use system that blends well
with Windows NT and affords increased security while eliminating the need
to remember passwords. Our biggest complaint is the placement of the A/C
adapter connection. In fact, it would be nice to see NEC eliminate the power
adapter completely, as Compaq and Digital Persona have done.
At the same time, TouchPass distinguishes itself from the competition
with its client/server architecture. This allows user accounts to be closely
controlled by a system administrator. What's more, roaming users can log
on to any client on the network without having to reregister fingers. It
is TouchPass' client/server architecture that makes it considerably more
expensive than the other systems, but the cost might be well worth it for
enterprise environments.