Fortifying Your Network-Access Control: Page 3 of 11

In addition, the National Institute of Standards and Technology cites wide variations in the accuracy of fingerprint biometric systems. NIST's most recent testing yields some interesting results. For example, multiple-finger recognition is much more accurate than single-finger recognition. Perhaps more important, the quality of the fingerprint images stored in the matching database has a greater effect on results than the quality of the authentication scanner (see full results of NIST's tests at fpvte.nist.gov/index.html). Although smaller fingerprint scanners are coming down in cost, capturing fingerprints, tuning the database and using the biometric scanner together make for an expensive proposition that can be justified only when the systems and data protected have an exceptionally high value.

Finally, though more secure than passwords alone, biometric information is not immune to theft--as we proved (see www.nwc.com/910/910r1side1.html), a stolen fingerprint molded into a rubber doppelganger can fool some biometric scanners, and a fingerprint cannot be reset like a password.

Virtually all operating systems and many applications include facilities for single-factor authentication. The same RADIUS used by many standalone authentication systems, for example, is common in these built-in facilities, so why would anyone look beyond what's built in? The reasons include added security and user convenience, but to understand the value of separate authentication services, you must first grasp the benefits and cost of authentication.

It's hard to tally the value of information lost to unauthorized network access--estimates range from millions of dollars to the approximate mineral value of Neptune. Fact is, statistics don't mean nearly as much as the value of any given loss when it's your loss.

Consider these four issues, which put justification in the realm of risk management and assessment, when building a case for strong authentication: required confidence (security) level; transaction value; user impact; and deployment and maintenance costs.