Slashdot Mirror


How Secure Is Microsoft's Fingerprint Reader?

Moos3d asks: "I recently found out about this Microsoft Fingerprint Reader at the library and ever since then I have been fascinated by using something like this for my own PC. How secure is this compared to using multiple 10+ character long passwords? Some people I've talked to seem to think it isn't safe at all and some people seem to think it is only safe for casual use. I only plan to use it for online forums and other applications that don't require great measures of security so it seems to be perfect for me, but how secure do you think it really is?"

21 of 72 comments

  1. Very secure by gothzilla · · Score: 4, Funny

    unless you make it a habit of pressing your thumb on gummi bears.
    http://www.theregister.co.uk/2002/05/16/gummi_bears_defeat_fingerprint_sensors/

  2. How do you plan to use it? by kosmosik · · Score: 3, Insightful

    How do you plan to use it? You've mentioned online forums etc. - they don't support this (at least majority of forums I know), most of such sites use passwords, often in an unencrypted manner - if you are sending unencrypted password between two untrusted hosts etc. really password quality (be it 123809243+ random characters) does not matter at all...

    How it is secure depends on how you plan to implement it. Security is not about buying some gizmo, security is a complex project from ground up/design to implementation and also the hardest part - human element.

    So this device alone cannot be proclaimed safe or unsafe - it depends on how you will use it.

    I don't really track this specific hardware. I just commented about merit of your question in general.

    1. Re:How do you plan to use it? by Johnny+Mnemonic · · Score: 4, Informative


      they don't support this (at least majority of forums I know)

      Having looked at the linked product, it appears that the thumbprint device unlocks a cache of stored passwords on the host PC, and the cache then transfers the (text) user name and password to the input fields of the websites. So the websites would not have to be compatible with the thumbprint device per se; it just has to allow autocompleted user/pass info. And most do.

      That being the case, is this much more secure than a password protected password cache, ala Apple's Keychain? Probably not. I wonder if the thumbprint reader even bothers to encrypt the print between the reader and the host PC; if not, with a USB sniffer like a keylogging device you're no more secure.

      But let's say that the reader does encrypt the print--maybe it does. Do you think it's easier to get my print (glass, gummy bear, etc) or to read my mind for my password? And as another poster pointed out--I can change my password and therefore limit my vulnerability window to whatever temporal limit I choose. OTOH, if my thumb is compromised then I only get one more chance.

      --
      $tar -xvf .sig.tar
  3. Not very by DarkHand · · Score: 3, Informative

    Dan of dansdata.com debunks the myth of 'secure' fingerprint readers in his review of a Lifeview Finger ID machine here.

  4. A place where it works by samael · · Score: 4, Insightful

    The hospital my father works in uses these to control access to data entry in the neonatal ward. The nurses would otherwise be typing in passwords about 300 times a day, as the computers lock whenever someone isn't standing at them. It means that the tracking data for who entered what data is always correct and that time isn't taken up typing in passwords all the time.

    I'm not sure how easy they are to fool, but in the hospital, where people wouldn't be at the terminals unless they were a recognised user anyway, they're perfect.

    1. Re:A place where it works by Johnny+Mnemonic · · Score: 3, Informative


      The nurses would otherwise be typing in passwords about 300 times a day, as the computers lock whenever someone isn't standing at them

      They really use thumbprint scanners? What if the nurse has gloves on/a cut/some liquid on their finger? What if the scanner is dirty or scratched? That seems like a strange thing to do.

      Probably more likely is that they use Common Access Cards which would be just as secure as a thumbprint, but would also allow one to decertify the existing cards and force a periodic new key to be issued, say every few months--thereby expiring any exploitation of the previous code.

      --
      $tar -xvf .sig.tar
  5. Huh? by Fortress · · Score: 3, Funny

    Lemme get this straight. You're asking how secure a Microsoft product is on Slashdot?

    Let me answer with a question. How smart do I think you are?

  6. A fingerprint is just a password... by swillden · · Score: 4, Informative

    ... but one that can't be changed and gets left lying around on a regular basis, but also can't (easily) be lost.

    Against a casual attacker (all most of us really have to worry about), it's perhaps slightly more secure than the average password and it's much more convenient.

    Against a sophisticated attacker, a fingerprint alone is much weaker than any password, unless you have a habit of writing your password on everything you touch. Yes, all of the fingerprint scanners claim to offer liveness verification, but in practice every time someone has seriously tested the claims, they've fallen down.

    If you need really high security, a password is better than a fingerprint, but it's even better to use both. Of course, if you need really high security, you shouldn't be using a standard PC with a common operating system, and I'm not just talking about Windows. Everyday PCs are wide open to an attacker that has physical access to them, regardless of what OS you're running. A TCPA-enabled OS would be slightly better, but not much since the TCPA standards don't require any tamper resistance on the TPM, so a clueful attacker with physical access will almost certainly pwn your machine anyway.

    IMO, and this is closely related to my day job, for low security and high convenience, go with a fingerprint. For moderate security, use either a good password or a combination of password/fingerprint or password/smart card or fingerprint/smart card. If you need high security, hire someone to help you figure out how to do it right.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  7. Very Unsecure by Methuseus · · Score: 2, Informative

    From the reviews by security experts, this is less secure than most other fingerprint readers used in non-consumer applications. It takes a less precise reading of your finger than just about any other fingerprint reader, especially those used in most "secure" applications.

    There's also the fact that it sends and stores the fingerprint info, mainly unencrypted, on the local hard drive so that it can match it. If you can get that information and which points need to match, it's relatively easy to make a fake that will match.

    --
    Two things are infinite: the universe and human stupidity, though I'm not yet sure about the universe. - A Einstein
  8. Not very... by JackAsh · · Score: 3, Informative

    First things first: This is a Windows only device. I'm sure someone will figure out how to get it working with something else, but it comes with software for Windows only.

    This is the Digital Persona http://www.digitalpersona.com/ fingerprint scanner, rebranded by Microsoft. I actually use some of their older sensors at home, they're fairly cheap and easy to use.

    How secure are they? Not very - these are the same sensors that can be bypassed with highly advanced Nasa Gummi Bear Technology. Yeah, get some latent prints, extrude them with superglue and a couple other items, then pour melted gummi bears into the mold to make a cool new fingerprint that can bypass the sensor.

    That being a given, they are pretty damn cool, and extremely convenient. You just come over to your Wintendo XP system, put your finger on the sensor and you are in. You can whip up authentication for websites and applications in no time (although I haven't figured out yet how to get it to authenticate me into World of Warcraft). It really is a "password database" system, unlocked with a fingerprint.

    BTW, if you decide to buy these go with Microsoft's sensors - Digital Persona is notoriously stingy with application upgrades. Not that it matters, the supplied software still works with my newest WinXP perfectly, but I feel kinda weird running the 1.0.3 version of a product now in 2.x. MS has traditionally been pretty good about providing updated software for their hardware.

    The way I look at it, it can keep people (friends, girlfriend, visitors) away from your Windows box without requiring you to enter a password every time you come back to it:

    Now you can press windows-L, get up, get a coke, come back, give the pc the finger (preferably middle ;) and get back to browsing pr0n without anyone getting into your session ;).

    Not only that, but it will even allow for Fast User Switching just by putting in someone else's finger. Bonus!

    -Jack Ash

  9. Don't mean to troll, but... by TheWanderingHermit · · Score: 3, Insightful

    I really do not mean this just as a troll, but after all the problems with Windows, IE, Outlook, and Office, I find it impossible to feel secure with ANYTHING Microsoft sells. I feel they have proven their focus is on getting a product out and getting the money, THEN worrying about fixing it, which is usually done with upgrades that cost more money. They're a business, and their goal is to get you to buy it, but I have yet to see one shred of evidence that they are as concerned about their products being secure as they are about getting paid.

    I think I once read something about Bill Gates saying his business model was to first promise something great, second, get the money, third, deliver it, and fourth, worry about the bugs and fixes later. We all know, though, that once you've sold something, the support from almost anywhere is not as focused as their efforts to produce the next thing they can sell, which is often the upgrade to fix the problems in the earlier version.

  10. Just as secure as any other by Pan+T.+Hose · · Score: 3, Informative
    It is completely useless, just as any other authentication relying on sending data that is not secret. This is really getting old... Let me quote a 1998 article on biometrics by Bruce Schneier:

    Biometrics are seductive: you are your key. Your voiceprint unlocks the door of your house. Your retinal scan lets you in the corporate offices. Your thumbprint logs you on to your computer. Unfortunately, the reality of biometrics isn't that simple.

    Biometrics are the oldest form of identification. Dogs have distinctive barks. Cats spray. Humans recognise each other's faces. On the telephone, your voice identifies you as the person on the line. On a paper contract, your signature identifies you as the person who signed it. Your photograph identifies you as the person who owns a particular passport.

    What makes biometrics useful for many of these applications is that they can be stored in a database. Alice's voice only works as a biometric identification on the telephone if you already know who she is; if she is a stranger, it doesn't help. It's the same with Alice's handwriting; you can recognize it only if you already know it. To solve this problem, banks keep signature cards on file. Alice signs her name on a card, and it is stored in the bank (the bank needs to maintain its secure perimeter in order for this to work right). When Alice signs a check, the bank verifies Alice's signature against the stored signature to ensure that the check is valid.

    There are a bunch of different biometrics. I've mentioned handwriting, voiceprints, and face recognition. There are also hand geometry, fingerprints, retinal scans, DNA, typing patterns, signature geometry (not just the look of the signature, but the pen pressure, signature speed, etc.), and others. The technologies behind some of them are more reliable than others, and they'll all improve.

    "Improve" means two different things. First, it means that the system will not incorrectly identify an impostor as Alice. The whole point of the biometric is to prove that Alice is Alice, so if an impostor can successfully fool the system it isn't working very well. This is called a false positive. Second, "improve" means that the system will not incorrectly identify Alice as an impostor. Again, the point of the biometric is to prove that Alice is Alice, and if Alice can't convince the system that she is her then it's not working very well, either. This is called a false negative. In general, you can tune a biometric system to err on the side of a false positive or a false negative.

    Biometrics are great because they are really hard to forge: it's hard to put a false fingerprint on your finger, or make your retina look like someone else's. Some people can mimic others' voices, and Hollywood can make people's faces look like someone else, but these are specialized or expensive skills. When you see someone sign his name, you generally know it is him and not someone else.

    Biometrics are lousy because they are so easy to forge: it's easy to steal a biometric after the measurement is taken. In all of the applications discussed above, the verifier needs to verify not only that the biometric is accurate but that it has been input correctly. Imagine a remote system that uses face recognition as a biometric. "In order to gain authorization, take a Polaroid picture of yourself and mail it in. We'll compare the picture with the one we have in file." What are the attacks here?

    Easy. To masquerade as Alice, take a Polaroid picture of her when she's not looking. Then, at some later date, use it to fool the system. This attack works because while it is hard to make your face look like Alice's, it's easy to get a picture of Alice's face. And since the system does not verify that the picture is of your face, only that it matches the picture of Alice's face on file, we can fool it.

    Similarly, we can fool a signature biometric using a photocopier or a fa

    --
    Sincerely,
    Pan Tarhei Hosé, PhD.
    "Homo sum et cogito ergo odi profanum vulgus et libido."
    1. Re:Just as secure as any other by j-turkey · · Score: 2, Interesting
      It is completely useless, just as any other authentication relying on sending data that is not secret. This is really getting old... Let me quote a 1998 article on biometrics by Bruce Schneier:

      Schneier also follows up with a 2002 Crypto-gram blurb, noting Matsumoto's excellent work with the gelatin-finger.

      --
      -Turkey
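Schneier's remark in the excerpt above that a biometric system can be tuned to err toward false positives (an impostor accepted) or false negatives (the genuine user rejected) is the part of the thread a practitioner can actually measure. The script below is an added illustration, not part of the original post or of Schneier's article: it takes constructed matcher scores for genuine and impostor presentations, computes the false-accept and false-reject rates at each threshold, and picks the most convenient threshold that still meets a chosen false-accept target. The score values are made up for the example; nothing here is measured from the Microsoft reader.

```python
"""False accepts versus false rejects in a biometric matcher.

Added example; the similarity scores below are constructed, not measured
from any real reader.  Scores run from 0.0 (no match) to 1.0 (perfect match).
"""

# Constructed scores a hypothetical matcher produced when the enrolled
# person presented their own finger (genuine) and when someone else's
# finger, or a copy, was presented against the same template (impostor).
GENUINE_SCORES = [0.92, 0.88, 0.95, 0.81, 0.77, 0.90, 0.85, 0.69, 0.93, 0.83]
IMPOSTOR_SCORES = [0.12, 0.35, 0.41, 0.58, 0.22, 0.74, 0.30, 0.47, 0.66, 0.19]


def error_rates(genuine, impostor, threshold):
    """Return (false_accept_rate, false_reject_rate) at one threshold.

    A presentation is accepted when its score is >= threshold.
    False accept: an impostor is accepted (Schneier's "false positive").
    False reject: the genuine user is turned away ("false negative").
    """
    false_accepts = sum(1 for s in impostor if s >= threshold)
    false_rejects = sum(1 for s in genuine if s < threshold)
    return false_accepts / len(impostor), false_rejects / len(genuine)


def sweep(genuine, impostor, step=0.05):
    """Error rates at every threshold on a grid from 0.0 to 1.0."""
    steps = int(round(1.0 / step))
    return [
        (t, *error_rates(genuine, impostor, t))
        for t in (round(i * step, 2) for i in range(steps + 1))
    ]


def threshold_for_max_far(genuine, impostor, max_far, step=0.05):
    """Lowest grid threshold whose false-accept rate stays within max_far.

    Lower thresholds reject fewer genuine users, so this is the most
    convenient setting that still meets the security target.  Returns
    (threshold, far, frr), or None if no grid point meets the target.
    """
    for t, far, frr in sweep(genuine, impostor, step):
        if far <= max_far:
            return t, far, frr
    return None


if __name__ == "__main__":
    print("threshold   FAR    FRR")
    for t, far, frr in sweep(GENUINE_SCORES, IMPOSTOR_SCORES):
        print(f"   {t:4.2f}    {far:4.2f}   {frr:4.2f}")
    # Tightening the security target costs convenience: demanding zero
    # false accepts on this sample pushes the threshold up until one of
    # the genuine presentations (0.69) is rejected.
    print(threshold_for_max_far(GENUINE_SCORES, IMPOSTOR_SCORES, 0.1))
    print(threshold_for_max_far(GENUINE_SCORES, IMPOSTOR_SCORES, 0.0))
```

On this toy sample, allowing a 10% false-accept rate lets the threshold sit at 0.70, while insisting on zero false accepts forces it to 0.75 and costs a 10% false-reject rate; a real evaluation needs thousands of presentations per class before the rates mean anything. Note also that the threshold only governs how the matcher treats scores it is given. The gelatin and gummi-bear copies discussed elsewhere in the thread produce genuinely high scores, so they are a liveness and presentation-attack problem that no threshold setting addresses.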

  11. Skroob... by Keebler71 · · Score: 2, Funny
    How Secure Is Microsoft's Fingerprint Reader?

    More secure than the combination on my luggage...

    --
    "It takes considerable knowledge just to realize the extent of your own ignorance." - Thomas Sowell
  12. Missing the point by Otter · · Score: 2, Interesting
    How secure is this compared to using multiple 10+ character long passwords?

    When even the editor offers a "LOL! Mirco$oft 1s teh sux!" response (in the from-the line, no less!) I wouldn't expect too much from the rest of the readership, virtually none of whom have ever seen the thing, let alone used it.

    Anyway, you're missing the point about complex, frequently changed passwords. The question isn't whether they're stronger than Batman or just stronger than Aquaman, it's whether their nuisance factor poses an actual risk.

  13. fingerprint is worst by deanpole · · Score: 4, Informative

    Fingerprints make terrible biometric keys because you leave your fingerprint everywhere, unlike your password or retinal scan. Yes, fingerprints give that cool "we take security seriously" aura, but are false security. Gelatin fingerprints are easy to construct from a fingerprint image, and difficult to detect when worn. Moreover once your fingerprint is compromised it is difficult to change. Doh!!!

    1. Re:fingerprint is worst by Knights+who+say+'INT · · Score: 2

      Hmm. If the average number of fingers is 10, then that'd mean that for every person who loses a finger, there's someone with 6 fingers in a hand.

      Finger-losing accidents are way more common than freakish nature oddities of hands with more than 10 fingers. Therefore, the average person has less than 10 fingers.

  14. MS says..."not very" by holden+caufield · · Score: 2, Interesting

    I did some testing with one once, and the information included with the device (maybe the outside of the package - I forget) tells you it's not meant to be used as a security device. I'm sure it's for liability purposes, but MS is positioning this device to remember web page usernames and passwords. Yes, it's possible for someone to use it to log into a banking page or something, but you can't use it for domain logins.

    --
    I'll create an amusing sig when I have something meaningful to post.
  15. Easy bypass... by aoasus · · Score: 3, Insightful

    Violently remove finger, discard remainder of human. Apply finger to biometric scanner.

    I've seen it in movies. What's to stop someone from using this technique?

  16. Ask Microsoft by linuxwrangler · · Score: 2, Informative
    According to Microsoft: "The Fingerprint Reader should not be used for protecting sensitive data such as financial information or for accessing corporate networks."

    Um. Isn't "sensitive data" the reason that pages are password-protected in the first place?

    So apparently the Microsoft Fingerprint reader is so insecure that even Microsoft can't recommend using it. Now that's scary.

    --
    ~~~~~~~
    "You are not remembered for doing what is expected of you." - Atul Chitnis
  17. It is not possible by Lead+Butthead · · Score: 2, Insightful

    Anything digital can be cracked. Although I don't want to come across as some sort of M$ lover, M$ is being slammed constantly because it is currently the biggest fish in the pond (or is it bully in the neighborhood? but I digress...) There is little doubt in my mind that when Linux overtakes M$, it will be on the receiving end of the same treatment.

    --
    ELOI, ELOI, LAMA SABACHTHANI!?