Security at your fingertips
- By Dan Caterinicchia
- Jul 26, 2004
Employees in at least one Defense Department office no longer have to remember passwords or personal identification numbers.
DOD's Office of the Assistant Secretary of Defense for Networks and Information Integration is about one year into a pilot program that lets about 1,300 users sign on to their computers and access applications with a fingerprint authentication system.
Officials at the DOD chief information officer's office bought 200 fingerprint authentication solutions from DigitalPersona Inc. last summer and, within days, ordered 1,100 more, said Charlie Ahrens, the company's director of government relations.
DigitalPersona's Pro Total Password Automation application and fingerprint recognition hardware allow users to access up to 22 Microsoft Corp. Active Directory applications once the fingerprint reader verifies their identities. The system is interoperable with DOD's Common Access Cards (CAC), which increases overall information assurance levels, said Vance Bjorn, chief technology officer and vice president of DigitalPersona, based in Redwood City, Calif.
"The core security threat our product solves is addressing the human factors of security," such as storing, sharing and remembering passwords, Bjorn said. "It solves the social aspects of security. These types of threats cannot be solved by asking people to choose a longer password or carry a card."
Since the program's inception last summer, help desk calls for password-related assistance have declined by more than 90 percent, Ahrens said.
DigitalPersona's system includes:
- Fingerprint sensors and software, which replace passwords for Windows accounts, applications and Web sites and facilitate the process for registering fingerprints with the system.
- The Pro Server, which provides secure, server-based authentication; network-based administration tools; and centralized storage of user records.
Users don't need to remember passwords to gain access to systems and applications. Using the DigitalPersona system, an administrator can recognize a fingerprint and match it at the server, which means the scripts can be as long, random and complex as necessary without additional work for the user, Bjorn said.
The DOD implementation was completed in a few months, but the DigitalPersona system can be installed in one day if all policies and technologies are in place, Ahrens said.
The desktop systems cost $140 each, and there is a $40 per user charge. DOD officials paid about $234,000. There is also an optional perpetual license agreement for maintenance, upgrades and support that costs 15 percent of the total purchase price, Ahrens said.
DigitalPersona officials are involved in numerous customer negotiations within the defense and intelligence communities, but Ahrens declined to provide the names of specific agencies until agreements are finalized.
Caterinicchia is a freelance writer based in the Washington, D.C., area.