The McGuffin in Minority Report is an eyeball. After our hero, John Anderton, is tagged as a murderer, his eye, removed from his body, is used to access a secure facility and network. It shows that biometrics can be fooled--one of the biggest drawbacks to this authentication technology.
Certain situations, however, lend themselves to the use of biometrics: If your helpdesk is suffering from too many requests for forgotten passwords (an estimated 40 percent of all helpdesk calls, according to Gartner), you might consider making the switch.
Strengths and Vulnerabilities
Biometric-security devices record a unique aspect of a person--such as a fingerprint--and use that record for comparison against later attempts to authenticate. Iris and retina scanners are the most reliable; fingerprints, face and handprint scanners follow close behind. These devices have a higher rate of reliability than voice or signature scanners, but a lower rate of reliability compared with passwords or authentication tokens.
Environmental conditions can affect biometric-authentication devices. Fingerprint readers and iris scanners are small and make sense on the desktop but may not cut it in a shop environment rife with dust, humidity and other contaminants. Dirt, smudges and improperly placed fingers, hands or faces can cause a false read. Glasses, contact lenses, ambient or overhead lighting and awkward camera placement can significantly affect the usability of iris and retina scanners. Background noises and changes in a person's voice because of illness or stress can cause errors with voice-recognition systems.
Additionally, all biometric devices have specific software and hardware requirements. Check that you can support the device and that the device works with your network software. Also determine if an external power source or USB port is required and available.
Fears and cultural- or religious-based beliefs may work against you as well. Survey your employees to determine how many will accept the idea. And try out the device to determine if your employees can accurately use it.
And, of course, security researchers have found ways to trick biometric devices. Fingerprints can be lifted off a glass surface, even from the fingerprint reader, using graphite powder and a piece of tape or a cube of gelatin. Iris scanners might be fooled with a high-resolution image of the user's eye. To counteract these tricks, newer devices look for "liveness" indicated by pulse or vascular movement.
Setting Thresholds
Biometric devices' acceptable-failure thresholds are based on a FAR (false acceptance rate) and an FRR (false rejection rate). The FAR shows the likelihood of a user being incorrectly accepted; the FRR indicates how likely a biometric device will incorrectly reject a user.
If the administrator sets the threshold too low, the system will be more lenient in matching a submitted biometric to the user's template and subsequently will be more likely to accept an invalid user. Set the threshold too high, and you increase the likelihood that valid users will be rejected. To make ongoing management easier, make sure the thresholds can be configured and adjusted in house.
REPORTS
Analyize In-Line NAC strategies and products.
ANALYTICS Plan and design your enterprise blade server deployments
2009 IT Salary Survey: Meager Raises, Solid Prospects
Though raises are notably smaller than a year ago, and job security’s shrinking, IT careers are looking safer than many others in this economic downturn. Get all the findings in InformationWeek's 2009 IT Salary Survey. Available FREE for a limited time.
REPORTS
ANALYTICS
Follow 
