Click here to receive your FREE subscription to Campus Technology
Security :: Biometrics
Biometrics Revisited
1/1/2008
(The system includes a provision for manual correction by the employee's supervisor.) Technologists also found that one person out of 60 did not scan well and required the use of an optional PIN number. But employees' reactions to the system were generally favorable, so administrators went ahead and made use of the system as a condition of employment. Crandall said that the technology met their expectations and that, based on their experience, they would recommend it to others.Examples of the use of biometrics for high-security applications include using fingerprint readers for access to the data center at Virginia Tech, and utilizing keystroke dynamics at Berry College (GA), where Director of Network Operations and Information Security Officer William Souder reports that biometrics were adopted to improve the security of the institution's online ERP system. While administrators had not experienced any problems, they were concerned that over 200 users accessed the system on a regular basis, and wanted to move to a two-factor authentication process.
The college considered a number of alternatives including one-time tokens (which generate a temporary password that is only valid for a few moments) and fingerprint scanners, but after instituting a testing process that included mock intruders, administrators selected a keystroke dynamics solution from BioPassword, largely because of low cost and simplicity (keystroke dynamics develops a template based upon the way a person types). The installation, which included training classes, fine-tuning of end users' templates, and testing with mock intruders, was relatively easy and took one FTE (full-time equivalent) of effort for a couple of months. They found the FAR and FRR to be almost zero, and the user reaction was good (i.e., ho hum). While Berry has no plans to deploy the system beyond the ERP application, administrators feel keystroke dynamics should be considered by other institutions looking for an inexpensive way to add two-factor authentication to sensitive administrative applications.
Reservations
Not everyone agrees that the widespread use of biometrics solves our security challenges. As one observer points out, "If you think identity theft is bad now, just wait until your fingerprints wind up in a rogue biometric reader." One of the advantages of biometric information-its permanence-is also one of its problems. If someone steals your password or Social Security number, you can get a new one. If someone steals your fingerprint (or the template of your fingerprint), there isn't a way to get a new one.
Recommended Reading
- CT Industry
- CT Solutions
- Cut to the Core
- DAM-ing the Digital Flood
- Get The Word Out
The market’s teeming with products to help you alert your campus community on any number of fronts. Now you just have to pick the right ones and get everyone signed up.
- Thwarting the Copycats
New tools are helping colleges and universities counter burgeoning paper mill sites, pervasive internet content, and persistent student ingenuity.
