We help IT Professionals succeed at work.

biometric fingerprint reader for windows domain logon

musit
musit used Ask the Experts™
on
i am looking for information of anyone that knows about fingerprint readers which eliminate the use logon password and enables the user to simply scan fingerprint and grant logon to windows domain (Active Directory). Has anyone ever implemented this security technology or know of any products to achieve this? Thank you
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Ron MalmsteadInformation Services Manager

Commented:
APC has a nice one....works great for storing user/pass for domain logon.

My boss uses it, though he wouldn't buy me one.  (cheap bast@rd !)
Anyway here it is.

http://www.nextag.com/apc-biometric-fingerprint-readers/search-html
Microsoft also do a fingerprint reader and the chances are, there will be better integration into associated systems with this.

HTH
Security Samurai
Top Expert 2006
Commented:
Yes, I've used them. They are ok. They however do not eliminate the logon password, they simply use the fingerprint of the user as the password. That password is just a weak as a user chosen one from an auditing standpoint. LM passwords are very weak, and with more and more "rainbow table" app's comming out, you might consider using password that are 15 or more chars.
Fingerprint scanners are also easily by-passed see my previous post here: http://www.experts-exchange.com/Security/Q_22009283.html#17648644
The user name must still be entered if it's not present, or a smartcard can be used.

The technology is a convenience  not a security measure. Security is a process not a program.
-rich


Ron MalmsteadInformation Services Manager

Commented:
The APC reader does both username\password.  Not sure about the MS reader.
Rich RumbleSecurity Samurai
Top Expert 2006

Commented: