Submission + - Successful "alternative" authentication ro
DonaldP writes: "Have any of you successfully deployed a key, token, or biometric-based access control for Windows machines to replace (or enhance) the typical login/logout authentication process? (Even image-recognition schemes would be considered.) I see different stuff out there but short of actually evaluating each one, it's hard to get a good idea of what the scene is like, and what is crap and what actually delivers.
Some existing solutions (smartcards, etc) have their own quirks. Like they trigger a login/logout (plug it in to log in, remove to log out.) Frankly that just takes too long! Access granting needs to be quick and easy, because it will be frequent (and Fast User Switching doesn't work on machines that are part of a domain, according to MS's docs.) The machines I want to deploy on are domain-connected systems basically serving kiosk roles in a warehouse. Usage is frequent, usage of a system is shared, and access needs to be quick and easy.
A "Holy Grail" would be something like you see on point-of-sale terminals like in the food industry. Wait[ers|resses] swipe or wave their card to access the (shared) terminal, quickly punch in or look up what they need, and they're out of there until next time.
The specific technology used (iris scanner, fingerprint scanner, smartcard, keycard, RFID, etc) isn't particularly important. I want to roll out something easier for the floor people to manage than a username/password, and provides:
- FAST locking/unlocking the screen (or fast login/logout action).
- Allows multiple "keys" to be used for one system (many individual users, one computer).
- Event log (or equivalent) to identify which key unlocked/locked the system and when.
- Ability to disable individual keys in the event of loss, theft, etc.
PS.
A couple products that I have found range from so-so to vapor-seeming. http://p-sl.com/ would probably hit all the bases but looks like vapor. The documentation link isn't there, the FAQ is blank, "Reviews" and "News" is empty. The RF-based one for http://www.wirelessdefender.net/ seems slick but it doesn't look like the hardware would accommodate for multiple users for a single unit. Anyone have experience with these, or can suggest other suitable solutions?
Or horror stories of stuff that DIDN'T work. Those can be be useful too!"
Some existing solutions (smartcards, etc) have their own quirks. Like they trigger a login/logout (plug it in to log in, remove to log out.) Frankly that just takes too long! Access granting needs to be quick and easy, because it will be frequent (and Fast User Switching doesn't work on machines that are part of a domain, according to MS's docs.) The machines I want to deploy on are domain-connected systems basically serving kiosk roles in a warehouse. Usage is frequent, usage of a system is shared, and access needs to be quick and easy.
A "Holy Grail" would be something like you see on point-of-sale terminals like in the food industry. Wait[ers|resses] swipe or wave their card to access the (shared) terminal, quickly punch in or look up what they need, and they're out of there until next time.
The specific technology used (iris scanner, fingerprint scanner, smartcard, keycard, RFID, etc) isn't particularly important. I want to roll out something easier for the floor people to manage than a username/password, and provides:
- FAST locking/unlocking the screen (or fast login/logout action).
- Allows multiple "keys" to be used for one system (many individual users, one computer).
- Event log (or equivalent) to identify which key unlocked/locked the system and when.
- Ability to disable individual keys in the event of loss, theft, etc.
PS.
A couple products that I have found range from so-so to vapor-seeming. http://p-sl.com/ would probably hit all the bases but looks like vapor. The documentation link isn't there, the FAQ is blank, "Reviews" and "News" is empty. The RF-based one for http://www.wirelessdefender.net/ seems slick but it doesn't look like the hardware would accommodate for multiple users for a single unit. Anyone have experience with these, or can suggest other suitable solutions?
Or horror stories of stuff that DIDN'T work. Those can be be useful too!"
