Forget PINs; Just Bring Yourself
City workers in Oceanside were drowning in passwords. One to check e-mail, others to see water billing records or police reports, all on top of the codes and personal identification numbers they had to keep straight in their off-the-job lives.
Time and money were wasted answering as many as 30 calls a day from workers who forgot or lost passwords.
Now, those calls are down to one or two a week.
Two years ago, Oceanside began installing mouse-size fingerprint scanners at city computers. So instead of fumbling for a password, a city worker now need only place finger to scanner to get onto the network.
“It’s been a big success,” said Michael Sherwood, the city’s information technology director. “The only thing we’re wondering is: Why hasn’t the rest of the world caught on?”
Biometric devices that identify people by physical characteristics--such as eye patterns, voice tones and handprints--have been the stuff of cinema for decades.
In the real world, costs have restricted their use mainly to government offices and military bases.
Until now, that is.
As sensitive and important business is increasingly conducted online, biometrics’ day may finally have come. Within the next year, mobile phones and personal computers will have fingerprint scanners as optional equipment, providing convenience as well as increased security.
Passwords can be easily stolen. Fingerprints can’t.
That’s why government benefits such as welfare payments are increasingly being secured with biometrics, and why the Immigration and Naturalization Service relies on handprint scans to help about 45,000 frequent international travelers reenter the country speedily at six major airports without a passport check.
At the huge Comdex high-tech trade show a couple of weeks ago in Las Vegas, dozens of biometrics companies competed for attention, pushing everything from voice-recognition software to programs that can purportedly distinguish computer users by how they type their password.
“Before, it was this James Bond kind of stuff, with retina scans, that kind of thing,” said Sean Berg, security segment manager at Dell Computer Corp., which will offer fingerprint scanners on cards that plug into laptops. “Now it’s much more prevalent, much easier to use and much more affordable for the consumer.”
The scanners on Dell laptops, designed to restrict access, will cost more than $100. That’s about what Oceanside paid for the devices it bought--which Sherwood says easily paid for themselves in saved labor costs.
Sales of biometric-related hardware and software amounted to only $60 million last year, but that figure is expected to reach the hundreds of millions by 2002 or 2003, said Arabella Hallawell, an analyst with GartnerGroup.
Biometric devices are also expected to get a boost because they can be used to initiate digital signatures, which last month became a legally legitimate means of making online transactions in the United States.
“With e-business, as you get much more deeper, richer types of services offered, you’re going to need to know with some level of precision that the people on the other end of the computer, Web-enabled phone or kiosk--you have to make sure they are who they say they are,” Hallawell said.
Some devices seek to replicate the real-world signing process with an electronic pad and pen-like instrument--which supposedly can detect a forgery by measuring the speed, pressure and motion of how someone signs his or her name.
Other systems use a combination of biometrics for increased security, such as the BioID from Germany’s Dialog Communication Systems Inc., which identifies a person by his or her face, voice and lip movement. Such a system could be employed to restrict access to high-end servers and networks.
Consolidation in the industry is expected to lead to similar combination products and bring prices down.
Biometrics “is clearly a hot emerging technology category because it solves a real-world problem people keep pointing to,” said Grant Evans, executive vice president of Sunnyvale-based Identix Inc., which makes fingerprint scanners and has partnerships with Compaq Computer Corp., Motorola Inc. and Dell.
This year, Bank United of Texas placed ATMs in Houston, Dallas and Fort Worth that can recognize customers by patterns in their irises--no cards or PINs necessary--using technology developed by Sensar Inc., which has since merged with Iridian Technologies Inc.
The iris-scanning machines, which cost $5,000 more than a standard ATM, were popular with customers, said Bank United spokesman Vern Stockton. The experiment is unlikely to go any further for now, he said, because the bank is being acquired by a bigger outfit, Washington Mutual.
Biometrics still has some big hurdles to overcome, however.
First, the industry must define standards so software can be written to work with various kinds of biometric devices.
Biometrics got a big boost in May, when Microsoft Corp. said software that will enable biometric devices to work with PCs would be embedded in future versions of its Windows operating system.
Second, biometrics firms must deal with privacy concerns, assuring potential users that their devices do not catalog personal information.
“I think people are a little bit suspicious that there will be some national database that will be put together and people will be tracked. I think that’s a false fear,” said James L. Wayman, an engineering professor at San Jose State University and former director of the National Biometric Test Center.
For example, fingerprint scanners do not keep the prints themselves on file but merely record where patterns on the fingers end or change directions. That template of “minutiae points” cannot be used to re-create the original fingerprint, only to confirm that the print belongs to someone allowed to gain access.
Also, biometrics companies will have to prove their solutions are better and more practical--or at least an enhancement--to “smart cards,” plastic cards embedded with computer chips that can be easily encoded with security-related information and could soon be widely embraced as digital keys for the Information Age.
Biometrics could also be foiled by such phenomena as power failures and computer glitches--especially in the developing world.
Even so, the biggest reason biometrics could be on the verge of exploding is that there’s nothing for a user to forget.
“You always bring your credential with you,” said Manny Novoa, a security architect and biometrics expert at Compaq. “You bring your fingers with you everywhere you go.”