A small UK startup has launched a new generation of biometric application it claims can totally replace login passwords on both standalone and networked PCs.
The patented system, called MatchLogon with FingerPIN, from newcomer FingerPIN, has been designed from the ground up to overcome the limitations of conventional biometric systems that have been found to be open to simple spoofing attacks.
Instead of using only a unique fingerprint to gain access to a network or PC, the system uses a sequence of such prints in a random order known only to the user. To overcome the system, an attacker would not only need access to four or more of the user’s fingerprints, but would also have to enter them in the correct sequence.
The company hopes that by using the multi-factor sequencing design of a PIN code in combination with a series of prints unique to an individual, it can convince its target audience in the financial and call centre sectors to adopt software that greatly increases security over basic password management systems.
The company claims the odds of defeating the print matching engine by chance are one in ten billion. The software, which comes as a Windows Active Directory-compatible management server and client application, can be made to work with any third-party USB fingerprint reader, including one from Microsoft.
Password logins have been shown to be woefully insecure on a number of high-profile occasions. Last November, UK television channel C4 uncovered security problems at mobile operator Orange, where staff were alleged to have shared logins to access customer information in a way that rendered information security useless.
The MatchLogon software spent most of 2006 undergoing trials at a number of UK and European companies that FingerPIN is still reluctant to name, with one announcement expected in the coming weeks. FingerPIN is also understood to have been in negotiations with systems integrators, who would push the system as part of wider security offerings.
“We believe its strength also lies in its convenience for users. Network and application logons become more convenient when there is no need to change or remember your passwords,” said Martine Laffan of FingerPIN. The system can be used in conjunction with passwords and user names, though this would seem to defeat the point of such an innovation.
The pricing for MatchLogon Enterprise server is £1,000 per server, and £49.99 per client excluding the reader hardware. The standalone version, version 1.5, costs £49.99, excluding hardware.