Biometric authentication has bigger problems than gummy bears... Did you see the retina scan in the movie Demolition Man?
Phillip Partipilo Parametric Solutions Inc. Jupiter, Florida (561) 747-6107 From: Jim Holmgren [mailto:jholmg...@xlhealth.com] Sent: Wednesday, September 15, 2010 4:18 PM To: NT System Admin Issues Subject: RE: Biometric AD authentication I do understand that this is "relatively" easily fooled, but smart cards are not an option in this case (no built-in smart card reader). 'Regular' passwords are not going to cut it. I'm looking for a combination of fingerprint and pin. Jim From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, September 15, 2010 1:04 PM To: NT System Admin Issues Subject: RE: Biometric AD authentication Fingerprint as an auth method is passé. It's easily forged. I'm pretty sure Secunia published a study about that last year, finding that it didn't matter if your reader was $25 or $500 - they were easily "broken". Smartcard plus PIN seems to be winning. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Jim Holmgren [mailto:jholmg...@xlhealth.com] Sent: Wednesday, September 15, 2010 12:53 PM To: NT System Admin Issues Subject: Biometric AD authentication Greetings, I've been tasked with coming up with some solutions for biometric AD authentication. Quick background: We are in the healthcare field and will be providing tablet PCs to some of our practitioners. We have been going around about how to provide authentication to these folks with minimal security compromises. The tablets will be running Windows 7 Pro (Dell Latitude XT2's at the moment) locked down pretty tight, but to avoid the 'sticky note' password keeper on a very portable device that will contain PHI, we are looking at requiring login with a fingerprint and pin. Any suggestions/recommendations from those that have been-there-done-that with Biometric AD auth would be greatly appreciated. Thanks, Jim Jim Holmgren Manager of Server Engineering XLHealth Corporation The Warehouse at Camden Yards 351 West Camden Street, Suite 100 Baltimore, MD 21201 410.625.2200 (main) 443.524.8573 (direct) 443-506.2400 (cell) www.xlhealth.com<http://www.xlhealth.com> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or protected health information. Under the Federal Law (HIPAA), the intended recipient is obligated to keep this information secure and confidential. Any disclosure to third parties without authorization from the member of as permitted by law is prohibited and punishable under Federal Law. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. NOTA DE CONFIDENCIALIDAD: Este mensaje incluyendo cualquier anejo es para uso exclusivo del (los) destinatario (s) y puede incluir informaci?n confidencial y/o informaci?n de salud protegida. La Ley Federal (HIPAA) establece que el destinatario est? obligado a mantener la informaci?n confidencial y sequra. HIPAA proh?be y castiga cualquier divulgaci?n a terceras personas sin autorizaci?n del afiliado o permitido por ley. Si usted no es el destinatario, redirija esta mensaje al remitente, y destruye cualquier copia existente del mensaje original. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or protected health information. Under the Federal Law (HIPAA), the intended recipient is obligated to keep this information secure and confidential. Any disclosure to third parties without authorization from the member of as permitted by law is prohibited and punishable under Federal Law. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. NOTA DE CONFIDENCIALIDAD: Este mensaje incluyendo cualquier anejo es para uso exclusivo del (los) destinatario (s) y puede incluir información confidencial y/o información de salud protegida. La Ley Federal (HIPAA) establece que el destinatario está obligado a mantener la información confidencial y sequra. HIPAA prohíbe y castiga cualquier divulgación a terceras personas sin autorización del afiliado o permitido por ley. Si usted no es el destinatario, redirija esta mensaje al remitente, y destruye cualquier copia existente del mensaje original. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
