OK, I recently bought a new laptop and decided to go ahead and spend the little bit of extra cash for the biometric fingerprint reader on the device, thinking I could increase the security of my device. Considering my profession, I figured increasing security might be a good idea, and hey, it looks all techy too. Well, that is all well and good until I decided to implement the system in a two-factor configuration. And so it begins…
Two-factor authentication is the security principle of improving security by requiring multiple authentication mechanisms. There are three factors available: something you have, something you know, and something you are. Bank cards work off of this model, requiring two factors: something you have (the card) and something you know (the PIN). I wanted to set up my laptop similarly: something I am (fingerprint) and something I know (password). The laptop I purchased supports the ability to do both, right? A fingerprint reader and Windows password management. Well, wrong.
Here is the deal: not all biometrics are created equal. Although the system does have the capability of performing two-factor authentication, the software for the fingerprint reader does not support such functionality. Speaking with HP on this matter, they can support either one or the other, thus only allowing for single-factor authentication. This is because the fingerprint system simply stores your password in a password vault and sends it to Windows when it detects your fingerprint.
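The vault-and-replay design described above, modelled next to a real two-factor check. This is an added example, not HP's software or code from the original post; the class and function names and the sample finger and password values are hypothetical, and fingerprint matching is reduced to an equality check.

```python
import hashlib
import hmac

# Constructed sample values, not taken from the post.
FINGER, PASSWORD = "alice-right-index", "correct horse battery staple"
SALT = b"constructed-salt"

def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 10_000)

class OsLogon:
    """Stand-in for the OS logon: it only ever verifies a password."""
    def __init__(self, password):
        self._stored = pw_hash(password)
    def check(self, password):
        return hmac.compare_digest(self._stored, pw_hash(password))

class FingerprintVault:
    """Stand-in for the reader software: a matcher plus a stored password."""
    def __init__(self, finger, password):
        self._finger, self._password = finger, password
    def matches(self, finger):
        return finger == self._finger  # assumption: real matchers score similarity
    def replay(self, finger):
        return self._password if self.matches(finger) else None

def vault_login(os_logon, vault, finger=None, password=None):
    """Design from the post: a matched finger just replays the password."""
    if password is None and finger is not None:
        password = vault.replay(finger)
    return password is not None and os_logon.check(password)

def two_factor_login(os_logon, vault, finger=None, password=None):
    """Both factors are verified independently; nothing is replayed."""
    return (finger is not None and vault.matches(finger)
            and password is not None and os_logon.check(password))

def sufficient_factors(login):
    """List which combinations of presented factors result in a logon."""
    os_logon, vault = OsLogon(PASSWORD), FingerprintVault(FINGER, PASSWORD)
    cases = {"finger": {"finger": FINGER},
             "password": {"password": PASSWORD},
             "both": {"finger": FINGER, "password": PASSWORD}}
    return [name for name, kw in cases.items() if login(os_logon, vault, **kw)]

if __name__ == "__main__":
    print("vault replay:", sufficient_factors(vault_login))
    print("two-factor:  ", sufficient_factors(two_factor_login))
```

In the replay design the OS sees only a password on every path, so either factor alone is enough; only the second function requires both.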
Moral of the story: don’t be fooled into thinking you have any stronger security just because you have biometrics: fingerprint reader, facial recognition, voice recognition, etc. Truth is, you still have single-factor authentication with a possibly higher false positive rate. In other words, if you use a strong password, I would probably have a better chance of faking out your biometric device than figuring out the password.
If you are with a company that is interested in enforcing two-factor authentication, make certain your vendor supports it, and don’t just assume that if it has a biometric device it will perform two-factor authentication. This is really just a marketing ploy to make users feel more secure and cool because they have a new high-tech gadget.
Want more information on multi-factor authentication? http://en.wikipedia.org/wiki/Two-factor_authentication