Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
For years, we’ve seen characters in science fiction movies using a hand, an eye, or voice to gain
access to highly secure areas in a building. The hero always manages to find a way to around these
barriers and save the day. It’s not quite so simple, but it’s more challenging for the hot shot spy to
How much of your day is spent helping end-users track down, reset or gain access to the network
because they lost or forgot their passwords or other security issues? What if you could have extra
This no-password technology is here and is growing rapidly. It is called biometrics and you’re on your
behavioral characteristics. Common commercial examples are fingerprint, face, iris, hand geometry,
Not all cool technology becomes viable. The old ‘build it and they will come’ concept only works if the
buyer is looking for something to solve a business problem. Not just a minor irritant, but a major pain.
Think about the main motivator behind most of the technology purchases you make. There is likely a
Password scenarios
In the security world, there is continuing pressure to make your network more secure. Each layer of
additional security implemented also adds more complexity to the process. One of the major time
wasters for a help desk staff is assisting end users with password problems. Password issues have also
Consider three different basic password scenarios. You operate either with no passwords, simple and
same passwords, or complex ones for logon screens, applications and secure Internet sites. Here are
the rationalizations for the scenarios regarding passwords and their tribulations:
No passwords: it’s effortless, but not secure. It’s an open invitation for hackers and peers,
and it’s highly vulnerable. There are many people using this method today. Startling, but
true.
Simple or same passwords for all logons: simple to remember, but not secure, easily
Complex passwords: these are perceived as secure, but they’re inconvenient. They can be
cracked by patient hackers with a little help from password generating programs.
Here is story from the front line involving a “simple password” usage policy in a particular company. A
This policy applied for all 70 plus employees. Management’s insecurity for wanting to know all the
passwords caused this unsecured inefficiency. They did not see the other side of the coin; a wicked-
minded employee with minimal technical expertise could access the company’s intellectual property for
snooping.
There is another contributor to the already complex password issues. It’s bad enough there are
password generator programs, which enable hackers to crack passwords when they want to infiltrate
into a network; even when complex passwords are used companion such a network.
This contributor is called, social engineering. People share passwords with their peers, co-workers,
friends and bosses. In a corporate setting, when network break-in issues occur, it creates finger
pointing. Worst of all, it causes the loss of valuable time, money and resources. Furthermore,
company intellectual property is exposed to the wrong individuals with potentially catastrophic
If someone breaks into your network, which of the previously mentioned password issues will come to
mind? Most likely, none. The media and marketing firms have brainwashed the public because they
want to frighten, to promote and to sell security prevention products blocking outsiders from
sitting in an adjacent office or in the cubicle at the end of the hall or even the person who greets you
every morning and offers you a cup of hot cocoa in the hallway.
As big as a problem as passwords are for everyone, not being able to secure your network is
unthinkable.
Biometrics is the solution for simplifying these password security issues. Biometrics provides an
additional layer of security, efficiency and convenience for users and IT administrators. The passwords
are there if you need them. Nevertheless, you can implement a simple policy to use back-door
passwords—say 30 characters long—so no hacker or program can easily break it—and use biometric
1. In general, it’s a non-intrusive solution. Often people relate biometrics devices to those
fingerprint enrollment, the fingerprint image is converted into often-encrypted binary data
and stored onto the hard drive. Reverse engineering, to convert this data back into the
used for additional layers of security. For example, using a fingerprint together with iris
4. It can significantly minimize the cost and the time wasted on administration and
The wide spectrum of industries that already have adopted biometrics solutions are as follows:
financial institutions
pharmaceuticals
small businesses
medium and large corporations
healthcare industry
educational institutions
remote corporate employees
health clubs
government agencies
hospitality industry
consumer industry
Firewalls, virus protection programs, intrusion detection and prevention, and programs and operating
systems patches for their vulnerabilities and loopholes are examples of the nuisances embrace even
Biometrics is ready for embracing by those who require and understand the benefits of added security
(from insiders and outsiders), efficiency and convenience for our everyday computing experiences.
Just like online transactions, once you start using it, you can’t imagine returning to the older and
inefficient technology. Biometrics adoption is real and not an underground movement nor a fictional
Discussion: There’s talk that the next step is to protected access is passphrases. What do you think?
About the author: Nick Farzanfar, founder of FOQUEST Incorporated, has worked in research,
in all sizes. He is acting as a forefront in educating the market regarding the inefficiencies of
passwords—as being the “weakest link in IT infrastructure.” He is working with Boston University,
Vermont University and Massachusetts General Hospital to assist them with research and
implementation of biometrics solutions. Nick holds a Bachelor Degree in Computer Mathematics from