Let Your Fingers Do the Log-In

Fingerprint scanners are now affordable. But they're not yet glitch-free

Remember the sci-fi flicks and spy thrillers of your youth, where the good guys could magically open doors or arm missiles simply by touching a special button that recognized their fingerprints? Companies with exceptional security needs embraced fingerprint scanners several years ago to protect their computer networks. Now, with prices falling fast -- you can get a fingerprint reader that plugs into a USB port for as little as $69 -- more and more individuals have started safeguarding their computers with fingerprint security.

But to what purpose, I wondered? After all, you don't need James Bond-grade security to keep your kids out of your Quicken (INTU ) files or to rebuff nosy co-workers while you're on a coffee break. You can do the same with a password, and it's free.

So I gathered up a handful of these gadgets to try out for myself. The appeal is immediate, and it has less to do with security than it does with convenience. Not only will they keep your computer's files safe from prying eyes, but the best of the bunch will log you on -- at the touch of a finger -- to all of the password-protected sites you visit, from bank accounts and frequent-flier programs on the Web to standalone software applications on your computer or on your company's network.

Think of fingerprint scanners as the ultimate in password managers, able to encrypt and keep track of all of your various user names, passwords, and personal identification numbers (PINs). Once you connect the device and load the software, you don't have to look up and input all those secret codes each time a Web page or program asks you for one. Instead, an instruction pops up telling you to put your finger on the sensor. The software then verifies your fingerprint and automatically fills in the log-on name and password fields.

Because the fingerprint readers only work with -- and protect -- the computer they're connected to, the security of your Web accounts still hinges upon how unbreakable your passwords are. But because you no longer have to commit them to memory -- or to a sticky note on your desk -- you now can make them smarter than your wife's birthday or your pet's name. Security experts say the best passwords are a mix of upper- and lower-case letters and numbers, wQC7a4Ej, for example.

I spent several weeks playing with three gizmos that sit on the desk, attached to the computer's USB port by a cord: Sony (SNE ) $140 FIU-600 Puppy, coming in September; the $120 DEFCON Authenticator from Targus; and onClick's $100 BioMouse, a mouse with a built-in fingerprint reader. Because notebooks are particularly vulnerable to theft, I also looked at a couple of sensors designed to slip into the PC card slot on laptop computers: Security First's MS 3000 Ethenticator ($199) and a similar card sensor, onClick's BioScan ($180). All are for Windows computers (Sony's version for Macs is $20 more).

The Sony and Targus systems were the easiest to get up and running, but the onClick BioScan card worked the best. It could recognize and log on to more Web sites without my intervention (except for supplying my fingerprint), and adding new sites to its list was a snap.

If my experience is any guide, though, many users will need help at some point. Sony's sensor mysteriously stopped working after 10 days; I called, and they sent a new one. The Targus unit would work with Windows 98 but not Windows XP; a tech support staffer said I had gotten an older version of the product and sent me new software. OnClick's BioMouse was unable to log me on to my Web accounts; that feature will be added in September.

Also, none of the sensors worked for every Web site. None could log me on to AOL, for example. And many of them were confused by sites with multiple fill-in boxes, such as airline sites with separate fields for reservation, flight status, and frequent-flier numbers.

Despite the occasional glitches, however, they made it easy for me to access my company's network and its many applications -- such as my expense account -- not to mention most of the Web sites I visit in a typical day. And while the security may not be bulletproof, it's a vast improvement over the Post-It method of password protection.

By Larry Armstrong

Before it's here, it's on the Bloomberg Terminal. LEARN MORE