I've been using Mi Casa Verde (now Vera) for three years. Most of the stuff I use is Z Wave based but the Vera (appears / is) capable of integrating anything but bluetooth (at least on the models I've worked with). Very reliable. Very easy to set up. Easy to program and capable of significant complexity. http://getvera.com/

Iris recognition is the easiest and most reliable; the reason it's less popular is it was wildly overpriced until the patents on the technology expired a few years ago, but since then a number of players have entered the market and you can actually play with free software that will perform iris recognition via a Webcam, which might be all you need. Retinal scanning feels extremely invasive to users; you generally need people to put their forehead up against a rest and hold still and users typically won't accept it outside of an extremely sensitive environment. In contrast iris scans can be performed from several feet away, very quickly, and generally work through glasses and contacts. Iris recognition typically also works well with people who have a number of different diseases (like diabetes, which can dramatically affect retinal patterns over a very short timeframe) or conditions that affect the eye, unlike retinal scanning, including most of the common conditions that cause blindness (except cataracts). Fingerprint recognition has gotten a bad rap because in general use people don't want to have any false negatives, so operators tune the environment to be less sensitive, leading to lots of false positives (my fingerprints get read as your fingerprints). But it's true that prints can be affected by things like dehydration and the local environment; they can also be simulated if you're sufficiently motivated, but that's made infinitely more difficult if you combine your biometric with a PIN (though it can't be argued that prints are left lying around everywhere, so it's probably not the best biometric you could choose). In addition a surprisingly large number of people -- like maybe two percent -- simply do not have usable fingerprints; it's actually a diagnostic criteria for some medical conditions. (I have actually had a couple of jobs that dealt directly with use of biometrics as a form of authentication).

In general I think the other comments are on the money: Keypad and PIN sounds like the way to go. If you're trying to create something automated, then contactless cards / dongles are the other solution but as others have noted, this isn't bulletproof since without some other factor (something you know or something you are) it's possible for one person to use somebody else's device.

Each college offers its own coursework; there are hundreds of colleges certified as NSA centers of excellence; some of them are indeed excellent, and some of them are...not. The last time I checked out the Tulsa program, it emphasized teaching programming principles in java. Some programs have no coding requirements at all; they train you to be a policy specialist. Many, if not most, programs are very hard core in terms of technical requirements.

To reiterate: The Cyber Corps program can and is being used by undergraduates; it will take care of two years of your 4 year degree; if you've got the ability to get your undergrad degree in three years, you'd only have to pay for one year if you were in the Cyber Corps. And if you were to go into college with no debt and no significant obligations -- like a car payment -- you could probably make enough from your stipend and summer jobs to take care of that one year.

I am very sympathetic to your position; I was extremely poor as an undergrad, but I got great scholarships; federal grants took up most of the slack, with jobs and very small loans finishing up. But that was almost 40 years ago; it would be impossible to do that now. that's why programs like this are so important. I urge you to explore it if you're at all interested in infosec as a career.

Excellent argument. The government-employed medical doctors doing cutting edge research developing treatments no private sector company will touch because there's not enough profit in it: Clearly corrupt. Those firefighters who parachute in to disaster areas with nothing but a shovel and desire to save whoever they can: Obviously corrupt. People battling for meaningful financial reform against incredibly powerful opponents: Corruption incarnate. The only moral choice is to do nothing; anybody who says they're in government to try and do the right thing is obviously lying.

Yes, I was quite hesitant but most of the people in my program were older; this was a second career for many of us.

To recap: You do *not* have to work for the NSA (that article was awful). You do have to work for the government, but you only have to do that for two years (the amount of time you're in school under the program). A masters degree from Carnegie Mellon would cost you something like six figures. And after that all you have is a degree with no experience. Cyber Corps offers you a *free* degree *plus* a monthly stipend, *plus* a virtually guaranteed job, meaning in four years you have no debt, a solid degree and a real resume. I can't say enough good things about the program.

No, I am not a coder on any significant level. You should definitely check out a few schools. Tulsa is not much of a coding program, but they do teach you principles in java; Purdue has an interdisciplinary program that is heavy on programming theory but you can get out with little to no programming; Syracuse has a pure policy program where I think no coding is required at all.

You mean we're not?

Actually, a number of the members of my team are non-white, gay, or both, including some senior folks. We do however tend to avoid hiring the ignorant.

Your description is more accurate than mine; saying that the FBI engages in "spying" is probably a bit off. they do engage in covert surveillance and counter espionage within the United States.

Systems housing government data are required to meet certain minimum protective requirements, every system also needs to be certified as initially complying with those requirements by an independent third party (i.e., not the system owner), with a re-examination every three years. It's called "Certification and Accreditation." if you want to understand more about the requirements, look for a document called NIST 800-53. It's basically a penetration test.

In the United States, it's not that domestic spying is not allowed, it's that it's prohibited within specific agencies. The FBI does a lot of internal spying.

The key word there would be "automatic."

Actually, you can apply the two years to an undergrad degree and a lot of people do that.