Slashdot Mirror
Successful Alternatives To Password Authentication?
DonaldP asks: "Have any of you successfully deployed a key, token, or biometric-based access control for Windows machines to replace (or enhance) the typical login/logout authentication process (even image-recognition schemes would be considered)? I see different stuff out there but short of actually evaluating each one, it's hard to get a good idea of what the scene is like, what is crap and what actually delivers. Does anyone have experience with such systems, or can suggest other suitable solutions?"
"Some existing solutions (smartcards, etc) have their own quirks. Most notably, they trigger a login, or a logout event (plug it in to log in, remove to log out). Frankly, that just takes too long. Access granting needs to be quick and easy, because it will be frequent (and Fast User Switching doesn't work on machines that are part of a domain, according to Microsoft's docs). The machines I want to deploy on are domain-connected systems, basically serving kiosk roles in a warehouse. Usage is frequent, usage of a system is shared, and access needs to be quick and easy.
A 'Holy Grail' would be something like you see on the point-of-sale terminals in the food industry. Waitrons swipe or wave their card to access the (shared) terminal, quickly punch in or look up what they need, and they're out of there until next time.
The specific technology used (iris scanner, fingerprint scanner, smartcard, keycard, RFID, etc) isn't particularly important. I want to roll out something easier for the floor people to manage than the typical standard username/password authentication method, that provides:
- FAST locking/unlocking the screen (or fast login/logout action).
- Allows multiple 'keys' to be used for one system (many individual users, one computer).
- An event log (or equivalent) to identify which key unlocked/locked the system and when.
- the ability to disable individual keys in the event of loss, theft, etc.
The few products that I have found range from so-so to vapor-seeming. PSL would probably hit all the bases but it looks like vapor. The documentation link isn't there, the FAQ is blank, and the 'Reviews' and 'News' pages are empty. The RF-based one for WirelessDefender seems slick but it doesn't look like the hardware would accommodate multiple users for a single unit." In addition to recommendations and suggestions, if you've tried biometric authentication and have horror stories of stuff that *didn't* work, feel free to share those too, if you would."
A 'Holy Grail' would be something like you see on the point-of-sale terminals in the food industry. Waitrons swipe or wave their card to access the (shared) terminal, quickly punch in or look up what they need, and they're out of there until next time.
The specific technology used (iris scanner, fingerprint scanner, smartcard, keycard, RFID, etc) isn't particularly important. I want to roll out something easier for the floor people to manage than the typical standard username/password authentication method, that provides:
- FAST locking/unlocking the screen (or fast login/logout action).
- Allows multiple 'keys' to be used for one system (many individual users, one computer).
- An event log (or equivalent) to identify which key unlocked/locked the system and when.
- the ability to disable individual keys in the event of loss, theft, etc.
The few products that I have found range from so-so to vapor-seeming. PSL would probably hit all the bases but it looks like vapor. The documentation link isn't there, the FAQ is blank, and the 'Reviews' and 'News' pages are empty. The RF-based one for WirelessDefender seems slick but it doesn't look like the hardware would accommodate multiple users for a single unit." In addition to recommendations and suggestions, if you've tried biometric authentication and have horror stories of stuff that *didn't* work, feel free to share those too, if you would."
Biometric Bacon Authentication.
Indy Media Watch-Proctologist of the Internet
In order to reduce costs, we put a question like "Are you authorized to view this very confidential information?". In order to curb abuse we also have a sentence that says "We audit all activity.", which is a module I'm currently trying to complete.
We haven't had any issues as far as we are aware.
After you sell your soul to work for us, we require a drop of blood each morning to be able to access the building and then again to access your pc.
its effective, but we have noticed a rise in healthcare costs.
---- Booth was a patriot ----
if a computer crashes in a locked room and nobody is around to see it fail, does it have a blue screen.
liqbase
.. We use colonic mapping. It's a pain when i leave my colon at home though, and i have to borrow my friends just to get into the canteen for a coffee.
God Be Gone
Back then I was switching floppies between physical Drive A and virtual Drive B to save data.
I think my Wellington Bear calculator is even more secure, at least, before it was hybridized with my Trapper Keeper.
Shop as usual. And avoid panic buying.
The best automated form I have ever had to fill out went:
Q: where were you born
A: ohio
error, must be 5 characters
So I'm probably the only person born in multiple states at the same time, "ohios"
my UID occurs in pi starting at the 384,199 digit after the decimal point.