Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Security Biotech

How Secure Is Microsoft's Fingerprint Reader? 72

Posted by Cliff from the you-gotta-be-kidding-me dept.
Moos3d asks: "I recently found out about this Microsoft Fingerprint Reader at the library and ever since then I have been fascinated by using something like this for my own PC. How secure is this compared to using multiple 10+ character long passwords? Some people I've talked to seem to think it isn't safe at all and some people seem to think it is only safe for casual use. I only plan to use it for online forums and other applications that don't require great measures of security so it seems to be perfect for me, but how secure do you think it really is?"
This discussion has been archived. No new comments can be posted.

How Secure Is Microsoft's Fingerprint Reader? More

How Secure Is Microsoft's Fingerprint Reader?

Comments Filter:

  • Very secure (Score:5, Funny)

    by gothzilla ( 676407 ) on Thursday February 03, 2005 @05:41PM (#11566725)
    unless you make it a habit of pressing your thumb on gummi bears.
    http://www.theregister.co.uk/2002/05/16/gummi_bear s_defeat_fingerprint_sensors/ [theregister.co.uk]
    • Sir, I am offended. I am a double amputee, and it is very hard to press my thumb on gummie bears
    • You are correct. This is an optical fingerprint reader and unless there is additional hardware on it it will not do live finger detection. Therefore the gummi bear attack will probably work.

      Also, on the question of "how good is it?". That depends on whose fingerprint software is being used. If the software is in-house Microsoft stuff then it is probably first generation and not very accurate. What this does is raise both the false-positive and the false-negative rate, meaning it is more likely to let

  • How do you plan to use it? (Score:4, Insightful)

    by kosmosik ( 654958 ) <kos@ko[ ]sik.net ['smo' in gap]> on Thursday February 03, 2005 @05:42PM (#11566731) Homepage
    How do you plan to use it? You've mentioned online forums etc. - they don't support this (at least majority of forums I know), most of such sites use passwords, often in unencrypted matter - if you are sending unencrypted password between two untrusted hosts etc. really password quality (be it 123809243+ random characters) does not matter at all...

    How it is secure depends on how you plan to implement it. Security is not about buing some gizmo, security is a complex project from ground up/design to implementation and also the hardest part - human element.

    So this device alone cannot be proclaimed safe or unsafe - it depends on how you will use it.

    I don't really track this specific hardware. I just commented about merit of your question in general.
    • most modern forum systems (vbulletin, punbb, phpbb, etc) encrypt the passwords using MD5 in the MySQL database. I first discovered punbb did when I tried to recover a password for a user. I just changed it for him.
      • I do not mean how they (passwords) are *stored* on *server* side. I mean how they are *sent* from your computer to server - if the case is that security is about weakest chain. You can have ultra-secure gizmo on your computer, running most secure operating system etc. but it does not matter because it will break in other place (f.e. network transport or the server itself will be untrusted).

        This marketing buzz-shit about these readers is stupid. Of course such devices may increase security when properly use

    • Re:How do you plan to use it? (Score:5, Informative)

      by Johnny Mnemonic ( 176043 ) <mdinsmore&gmail,com> on Thursday February 03, 2005 @06:15PM (#11567137) Homepage Journal

      hey don't support this (at least majority of forums I know

      Having looked at the linked product, it appears that the thumbprint device unlocks a cache of stored passwords on the host PC, and the cache then transfers the (text) user name and password to the input fields of the websites. So the websites would not have to be compatible with the thumbprint device per se; it just has to allow autocompleted user/pass info. And most do.

      That being the case, is this much more secure than a password protected password cache, ala Apple's Keychain? Probably not. I wonder if the thumbrprint reader even bothers to encrypt the print between the reader and the host PC; if not, with a USB sniffer like a keylogging device you're no more secure.

      But let's say that the reader does encrypt the print--maybe it does. Do you think it's easier to get my print (glass, gummy bear, etc) or to read my mind for my password? And as another poster pointed out--I can change my password and therefore limit my vulnerability window to whatever temporal limit I choose. OTOH, if my thumb is compromised then I only get one more chance.
      • Having looked at the linked product, it appears that the thumbprint device unlocks a cache of stored passwords on the host PC, and the cache then transfers the (text) user name and password to the input fields of the websites. So the websites would not have to be compatible with the thumbprint device per se; it just has to allow autocompleted user/pass info. And most do.

        I mean that the passwords are still still transfered unencrypted over untrusted network (the Internet, most of forum sites (question and

  • Not very (Score:3, Informative)

    by DarkHand ( 608301 ) on Thursday February 03, 2005 @05:43PM (#11566758)
    Dan of dansdata.com [dansdata.com] debunks the myth of 'secure' fingerprint readers in his review of a Lifeview Finger ID machine here [dansdata.com].

  • A place where it works (Score:5, Insightful)

    by samael ( 12612 ) <Andrew@Ducker.org.uk> on Thursday February 03, 2005 @05:46PM (#11566805) Homepage
    The hospital my father works in uses these to control access to data entry in the neonatal ward. The nurses would otherwise be typing in passwords about 300 times a day, as the computers lock whenever someone isn't standing at them. It means that the tracking data for who entered what data is always correct and that time isn't taken up typing in passwords all the time.

    I'm not sure how easy they are to fool, but in the hospital, where people wouldn't be at the terminals unless they were a recognised user anyway, they're perfect.

    • Re:A place where it works (Score:4, Informative)

      by Johnny Mnemonic ( 176043 ) <mdinsmore&gmail,com> on Thursday February 03, 2005 @06:25PM (#11567231) Homepage Journal

      The nurses would otherwise be typing in passwords about 300 times a day, as the computers lock whenever someone isn't standing at them

      They really use thumbprint scanners? What if the nurse has gloves on/a cut/some liquid on their finger? What if the scanner is dirty or scratched? That seems like a strange thing to do.

      Probably more likely is that they use Common Access Cards [army.mil] which would be just as secure as a thumbprint, but would also allow one to decertify the existing cards and force a periodic new key to be issued, say every few months--thereby expiring any exploitation of the previous code.
      • Most 'real' fingerprint scanners have the ability to detect the pattern based on the live skin tissue on your finger using conductivity, ignoring any dead tissue or other material.
      • Nope, they really use scanners. And they have three different fingers they can use. And the scanners seem to survive just fine.
      • What if the nurse has gloves on/a cut/some liquid on their finger?

        Given how few nurses are using a computer while doing a sterile procedure on a patient, I doubt gloves would be an issue. Cuts aren't a problem, as you just use another finger, and they make this nifty invention called a "paper towel" for liquids.
        • there are *vast* numbers of people doing this: in clinical trials where electronic data capture systems control dosing, in hospitals using electronic records - all over the place. certianly in the UK, the 30 BILLION POUNDS they're spending on NHS IT systems currently suggests a LOT more people will be doing it in the future.
          • And they'll be taking their gloves off post-examination and heading to the computer tablet to enter data on the chart, just like they do now with pen and paper.
    • we thought about this in a ward setting, and the problem is that it doesn't add any value. they can't use gloves, they can't remove and refit biogel gloves quicker than they can type in a simple short password, and it's layering complexity for no good reason. they duplicate the standard windows logon so they still need to know their password in plaintext, so what's the point? RFID proximity buttons might be useful but it's not really too hard to type in a 5 character password....

  • Huh? (Score:4, Funny)

    by Fortress ( 763470 ) on Thursday February 03, 2005 @05:53PM (#11566881) Homepage

    Lemme get this straight. You're asking how secure a Microsoft product is on Slashdot?

    Let me answer with a question. How smart do I think you are?

  • A fingerprint is just a password... (Score:5, Informative)

    by swillden ( 191260 ) * <shawn-ds@willden.org> on Thursday February 03, 2005 @05:55PM (#11566903) Journal

    ... but one that can't be changed and gets left lying around on a regular basis, but also can't (easily) be lost.

    Against a casual attacker (all most of us really have to worry about), it's perhaps slightly more secure than the average password and it's much more convenient.

    Against a sophisticated attacker, a fingerprint alone is much weaker than any password, unless you have a habit of writing your password on everything you touch. Yes, all of the fingerprint scanners claim to offer liveness verification, but in practice every time someone has seriously tested the claims, they've fallen down.

    If you need really high security, a password is better than a fingerprint, but it's even better to use both. Of course, if you need really high security, you shouldn't be using a standard PC with a common operating system, and I'm not just talking about Windows. Everyday PCs are wide open to an attacker that has physical access to them, regardless of what OS you're running. A TCPA-enabled OS would be slightly better, but not much since the TCPA standards don't require any tamper resistance on the TPM, so a clueful attacker with physical access will almost certainly pwn your machine anyway.

    IMO, and this is closely related to my day job, for low security and high convenience, go with a fingerprint. For moderate security, use either a good password or a combination of password/fingerprint or password/smart card or fingerprint/smart card. If you need high security, hire someone to help you figure out how to do it right.

  • Very Unsecure (Score:3, Informative)

    by Methuseus ( 468642 ) <methuseus@yahoo.com> on Thursday February 03, 2005 @05:55PM (#11566915)
    From the reviews by security experts, this is less secure than most other fingerprint readers used in non-consumer applications. It takes a less precise reading of your finger than just about any other fingerprint reader, especially those used in most "secure" applications.

    There's also the fact that it sends and stores the fingerprint info, mainly unencrypted, on the local hard drive so that it can match it. If you can get that information and which points need to match, it's relatively easy to make a fake that will match.

  • Not very... (Score:4, Informative)

    by JackAsh ( 80274 ) on Thursday February 03, 2005 @05:56PM (#11566927)
    First things first: This is a Windows only device. I'm sure someone will figure out how to get it working with something else, but it comes with software for Windows only.

    This is the Digital Persona http://www.digitalpersona.com/ [digitalpersona.com] fingerprint scanner, rebranded by Microsoft. I actually use some of their older sensors at home, they're fairly cheap and easy to use.

    How secure are they? Not very - these are the same sensors that can be bypassed with highly advanced Nasa Gummi Bear Technology. Yeah, get some latent prints, extrude them with superglue and a couple other items, then pour melted gummi bears into the mold to make a cool new fingerprint that can bypass the sensor.

    That being a given, they are pretty damn cool, and extremely convenient. You just come over to your Wintendo XP system, put your finger on the sensor and you are in. You can whip up authentication for websites and applications in no time (although I haven't figured out yet how to get it to authenticate me into World of Warcraft). It really is a "password database" system, unlocked with a fingerprint.

    BTW, if you decide to buy these go with Microsoft's sensors - Digital Persona is notoriously stingy with application upgrades. Not that it matters, the supplied software still works with my newest WinXP perfectly, but I feel kinda weird running the 1.0.3 version of a product now in 2.x. MS has traditionally been pretty good about providing updated software for their hardware.

    The way I look at it, it can keep people (friends, girlfriend, visitors) away from your Windows box without requiring you to enter a password every time you come back to it:

    Now you can press windows-L, get up, get a coke, come back, give the pc the finger (preferrably middle ;) and get back to browsing pr0n without anyone getting into your session ;).

    Not only that, but it will even allow for Fast User Switching just by putting in someone else's finger. Bonus!

    -Jack Ash

  • Don't mean to troll, but... (Score:4, Insightful)

    by TheWanderingHermit ( 513872 ) on Thursday February 03, 2005 @05:57PM (#11566933)
    I really do not mean this just as a troll, but after all the problems with Windows, IE, Outlook, and Office, I find it impossible to feel secure with ANYTHING Microsoft sells. I feel they have proven their focus is on getting a product out and getting the money, THEN worrying about fixing it, which is usually done with upgrades that cost more money. They're a business, and their goal is to get you to buy it, but I have yet to see one shred of evidence that they are as concerned about their products being secure as they are about getting paid.

    I think I once read something about Bill Gates saying his business model was to first promise something great, second, get the money, third, deliver it, and fourth, worry about the bugs and fixes later. We all know, though, that once you've sold something, the support from almost anywhere is not as focused as their efforts to produce the next thing they can sell, which is often the upgrade to fix the problems in the earlier version.
    • Anything digital can cracked. Although I don't want to come across as some sort of M$ lover, but M$ is being slamed constantly because it is currently the biggest fish in pond (or is it bullie in the neighborhood? but I digress...) There is little doubt in my mind that when Linux overtake M$, it will be on the receiving end of same treatment.
      • Yes, it's true. Anything digital can be cracked. I agree, but it just seems to me Microsoft makes far less effort at making ANYTHING of theirs secure (again, promise, get money, fix a few bugs while working on the next version you can charge for) than other companies or groups. I'm not jumping on them because they're MS, I'm jumping on them because, in my experience, they don't produce secure tools.

        And yes, I'm sure when Linux is much more common place, we'll see problems there, too, but when that happe

  • Just as secure as any other (Score:3, Informative)

    by Pan T. Hose ( 707794 ) on Thursday February 03, 2005 @05:58PM (#11566947) Homepage Journal
    It is completely useless, just as any other authentication relying on sending data that is not secret. This is really getting old... Ley me quote a 1998 article on biometrics by Bruce Schneier [schneier.com]:

    Biometrics are seductive: you are your key. Your voiceprint unlocks the door of your house. Your retinal scan lets you in the corporate offices. Your thumbprint logs you on to your computer. Unfortunately, the reality of biometrics isn't that simple.

    Biometrics are the oldest form of identification. Dogs have distinctive barks. Cats spray. Humans recognise each other's faces. On the telephone, your voice identifies you as the person on the line. On a paper contract, your signature identifies you as the person who signed it. Your photograph identifies you as the person who owns a particular passport.

    What makes biometrics useful for many of these applications is that they can be stored in a database. Alice's voice only works as a biometric identification on the telephone if you already know who she is; if she is a stranger, it doesn't help. It's the same with Alice's handwriting; you can recognize it only if you already know it. To solve this problem, banks keep signature cards on file. Alice signs her name on a card, and it is stored in the bank (the bank needs to maintain its secure perimeter in order for this to work right). When Alice signs a check, the bank verifies Alice's signature against the stored signature to ensure that the check is valid.

    There are a bunch of different biometrics. I've mentioned handwriting, voiceprints, and face recognition. There are also hand geometry, fingerprints, retinal scans, DNA, typing patterns, signature geometry (not just the look of the signature, but the pen pressure, signature speed, etc.), and others. The technologies behind some of them are more reliable than others, and they'll all improve.

    "Improve" means two different things. First, it means that the system will not incorrectly identify an impostor as Alice. The whole point of the biometric is to prove that Alice is Alice, so if an impostor can successfully fool the system it isn't working very well. This is called a false positive. Second, "improve" means that the system will not incorrectly identify Alice as an impostor. Again, the point of the biometric is to prove that Alice is Alice, and if Alice can't convince the system that she is her then it's not working very well, either. This is called a false negative. In general, you can tune a biometric system to err on the side of a false positive or a false negative.

    Biometrics are great because they are really hard to forge: it's hard to put a false fingerprint on your finger, or make your retina look like someone else's. Some people can mimic others' voices, and Hollywood can make people's faces look like someone else, but these are specialized or expensive skills. When you see someone sign his name, you generally know it is him and not someone else.

    Biometrics are lousy because they are so easy to forge: it's easy to steal a biometric after the measurement is taken. In all of the applications discussed above, the verifier needs to verify not only that the biometric is accurate but that it has been input correctly. Imagine a remote system that uses face recognition as a biometric. "In order to gain authorization, take a Polaroid picture of yourself and mail it in. We'll compare the picture with the one we have in file." What are the attacks here?

    Easy. To masquerade as Alice, take a Polaroid picture of her when she's not looking. Then, at some later date, use it to fool the system. This attack works because while it is hard to make your face look like Alice's, it's easy to get a picture of Alice's face. And since the system does not verify that the picture is of your face, only that it matches the picture of Alice's face on file, we can fool it.

    Similarly, we can fool a signature biometric using a photocopier or a fa

    • It is completely useless, just as any other authentication relying on sending data that is not secret. This is really getting old... Ley me quote a 1998 article on biometrics by Bruce Schneier:

      Schneier also follows up with a 2002 Crypto-gram blurb [schneier.com], noting Matsumoto's excellent work with the gelatin-finger.

  • Skroob... (Score:3, Funny)

    by Keebler71 ( 520908 ) on Thursday February 03, 2005 @05:59PM (#11566970) Journal
    How Secure Is Microsoft's Fingerprint Reader?

    More secure than the combination on my luggage...

  • Missing the point (Score:3, Interesting)

    by Otter ( 3800 ) on Thursday February 03, 2005 @06:00PM (#11566973) Journal
    How secure is this compared to using multiple 10+ character long passwords?

    When even the editor offers a "LOL! Mirco$oft 1s teh sux!" response (in the from-the line, no less!) I wouldn't expect too much from the rest of the readership, virtually none of whom have ever seen the thing, let alone used it.

    Anyway, you're missing the point about complex, frequently changed passwords. The question isn't whether they're stronger than Batman or just stronger than Aquaman, it's whether their nuisance factor poses an actual risk.

  • fingerprint readers are not secure, regardless of who is making them. the basic concept of biometrics is flawed. you're just replacing one forgable key with another. fingerprints are especially bad, since any reasonably skilled criminal with latex or a similar material can just replicate the needed print and wear it over their own finger. the best biometric method, retina blood vessel pattern comparison, discriminates against blind people (who can't focus on the target) and puts you at risk for eye dama

  • fingerprint is worst (Score:5, Informative)

    by deanpole ( 185240 ) on Thursday February 03, 2005 @06:11PM (#11567085)
    Fingerprints make terrible biometric keys because you leave your fingerprint everywhere, unlike your password or retinal scan. Yes, fingerprints give that cool "we take security seriosly" aura, but are false security. Gelatin fingerprints are easy to construct from a fingerprint image, and difficult to detect when worn. Moreover once your fingerprint is compromised it is difficult to change. Doh!!!
    • Moreover once your fingerprint is compromised it is difficult to change. Doh!!!

      Well, technically, an average person would have 9 changes left.
      • Hmm. If the average number of fingers is 10, then that'd mean that for every person who loses a finger, there's someone with 6 fingers in a hand.

        Finger-losing accidents are way more common than freakish nature odddities of hands with more than 10 fingers. Therefore, the average person has less than 10 fingers.
        • Depends on what sort of average you use :)

          The mean number of fingers would be below 10, but the mode and median number of fingers would still be 10.

          Average types:
          http://en.wikipedia.org/wiki/Average ;-)
    • In particular, it's very easy to not wipe the scanner, and leave your fingerprint on the device itself. I just looked at the reader I use to access bloomberg, and my print's clearly visible.
  • If you local access to a machine sooner or later any logon security can be bypassed.
    But it takes considerable effort - not an job for an average Joe.

    Using the reader is very convienient way to logon to the computer.
    I have different logons for different people in my family with varing privleges.

    I actually brought the reader because of my 4 year old niece who likes to play games.
    She has her own account so that she doesn't end up messing with my personal files or preferences.
    • MOD PARENT UP - INSIGHTFUL.

      Using biometrics as a single factor at home locally for a child too young to type well to log on to a PC without keyboard interaction ...
      Well, let's put it this way: That's probably about the only good use-case scenario for a device like that mentioned in these posts. Especially since kids love playing and touching things ... Wanna play Barney's Adventures? Put your thumb on the little black box, Susie.

      The example of single factor bio in the hospital-- still about conven

  • MS says..."not very" (Score:3, Interesting)

    by holden caufield ( 111364 ) on Thursday February 03, 2005 @06:43PM (#11567400)
    I did some testing with one once, and the information included with the device (maybe the outside of the package - I forget) tells you it's not meant to be used as a security device. I'm sure it's for liability purposes, but MS is positioning this device to remember web page usernames and passwords. Yes, it's possible for someone to use it to log into a banking page or something, but you can't use it for domain logins.

  • Easy bypass... (Score:3, Insightful)

    by aoasus ( 786460 ) on Thursday February 03, 2005 @06:51PM (#11567486) Journal
    Violently remove finger, discard remainder of human. Apply finger to biometric scanner.

    I've seen it in movies. What's to stop someone from using this technique?
    • The blood drains out, and changes the properties of the finger.
    • A wise man once said that you never want to use a bank card / car key / whatever that you can't put on the ground and back away from.

      If the only to steal a car is to chop off the owners hand then there will soon be a lot bigger demands on keyboards for one handed people.
  • It is really secure because its based on the principles of bio metrics. So no fare using a ladies compact to reproduce the print.

  • Ask Microsoft (Score:3, Informative)

    by linuxwrangler ( 582055 ) on Thursday February 03, 2005 @07:49PM (#11567948)
    According to Microsoft [microsoft.com]: "The Fingerprint Reader should not be used for protecting sensitive data such as financial information or for accessing corporate networks."

    Um. Isn't "sensitive data" the reason that pages are password-protected in the first place?

    So apparently the Microsoft Fingerprint reader is so insecure that even Microsoft can't recommend using it. Now that's scary.

    • I don't really consider my Slashdot account to be "sensitive," yet it has a password. That's what this is for.

      In the same vein, you wouldn't store the Hope Diamond in a padlocked box at home, but it works just fine for the title to your car.
      • In the same vein, you wouldn't store the Hope Diamond in a padlocked box at home,

        Hell yes I would. If you saw my house you would never in a million year think the Hope Diamond was anywhere near it, never mind inside. Security through obscurity? Perhaps. But, sometimes it works. :-)

  • Review.. (Score:2, Flamebait)

    by delus10n0 ( 524126 )
    I had one of these units for about a week, then returned it and got my money back. The password vault software will work with FireFox, yet Microsoft has disabled it. It will even go through the same "click the box where you enter your password" routine; it just never saves the XML password data properly. Contacting Microsoft tech. support, they informed me that the only application they designed it to work with is Internet Explorer and the Windows logon process.

    Pfft.

    I'd rather just use a password manageme
  • <needed_bash>
    Microsoft? Secure!?
    </needed_bash>

    But seriously, I'm not sure how a thumbprint reader would be that secure. It's pretty obvious that Microsoft isn't using professional-quality fingerprint security hardware, so if someone has a similar enough print, they can probably get in. On the other hand, if your attacker doesn't have a similar print, then they're pretty much screwed.
    So I guess a lot of it's luck.

    - dshaw
  • I use a password vault called RoboForm [roboform.com] from a company Siber Systems. It is Windows only :/ and has plugins for IE based and Mozilla based browsers (no Opera, sorry. :/). It also has a read only synchronization with your Palm or PocketPC PDA.

    Most important, it has a portable version that will let you carry it around on a USB drive. You pop the USB drive into a computer and you have access to all your passwords.

    It has a master password which you can use to selectively protect your login information and o
  • I think this quote from Microsoft's site answers the original question. :-)

    The Fingerprint Reader should not be used for protecting sensitive data such as financial information or for accessing corporate networks. We continue to recommend that you use a strong password for these types of activitie

    I believe there are basically two ways to do biometric devices like this. The first is for the device to basically measure something and send the measurements to the computer. For example, a fingerprint rea

  • ... Are Belong To Us!
  • It's optical.

    Wipe off the surface when you're done. It's possible to "breathe" on the reader with some models and have the condensation on the oil pattern be enough to trigger a "read" and you therefore impersonate the last person to use the reader.
  • http://www.microsoft.com/hardware/mouseandkeyboard /features/fingerprint.mspx
    "The Fingerprint Reader should not be used for protecting sensitive data such as financial information or for accessing corporate networks. We continue to recommend that you use a strong password for these types of activities."

Slashdot Top Deals

I have hardly ever known a mathematician who was capable of reasoning. -- Plato

Close