Might look at something like biopassword and then you're just relying on the biometrics of someones typing on a keyboard... Works very well in the demos I've seen...
On Thu, Sep 16, 2010 at 5:31 AM, Ziots, Edward <ezi...@lifespan.org> wrote: > I agree that the fingerprint might not be the best biometric method, but > its usually the most accepted method. Agree that is can be forged, but it > does take some work. > > > > We all know passwords aren’t going to “cut it” but is the value of the > assets you are trying to protect worth the increase controls and > authentication that biometrics bring? > > > > Retina/Iris Scans are not well received as a biometric method but are > highly accurate and almost impossible to force ( unless you want to rip > someones eyeball out of their socket and replace yours) ( Brings back Tom > Cruise in Minority Report when he has his eyeballs replaced to bypass some > biometric control) > > > > You also need to research the false acceptance vs false rejection rate for > the biometric method you want to employ. > > > > Working in healthcare also, so I see your reasons, but I would look at > possibily using Thin client, and housing the data on the backend, and > provide the 2 factor authentication and auditing of the access to the > EPHI/PII they are viewing so there is nothing saved on the laptop (which > should be encrypted to comply with HITECH and MASS CMR 201.17) > > > > Z > > > > Edward E. Ziots > > CISSP, Network +, Security + > > Network Engineer > > Lifespan Organization > > Email:ezi...@lifespan.org <email%3aezi...@lifespan.org> > > Cell:401-639-3505 > > > > *From:* Jim Holmgren [mailto:jholmg...@xlhealth.com] > *Sent:* Wednesday, September 15, 2010 4:18 PM > > *To:* NT System Admin Issues > *Subject:* RE: Biometric AD authentication > > > > I do understand that this is “relatively” easily fooled, but smart cards > are not an option in this case (no built-in smart card reader). > > > > ‘Regular’ passwords are not going to cut it. I’m looking for a > combination of fingerprint and pin. > > > > Jim > > > > *From:* Michael B. Smith [mailto:mich...@smithcons.com] > *Sent:* Wednesday, September 15, 2010 1:04 PM > *To:* NT System Admin Issues > *Subject:* RE: Biometric AD authentication > > > > Fingerprint as an auth method is passé. It’s easily forged. I’m pretty sure > Secunia published a study about that last year, finding that it didn’t > matter if your reader was $25 or $500 – they were easily “broken”. > > > > Smartcard plus PIN seems to be winning. > > > > Regards, > > > > Michael B. Smith > > Consultant and Exchange MVP > > http://TheEssentialExchange.com <http://theessentialexchange.com/> > > > > *From:* Jim Holmgren [mailto:jholmg...@xlhealth.com] > *Sent:* Wednesday, September 15, 2010 12:53 PM > *To:* NT System Admin Issues > *Subject:* Biometric AD authentication > > > > Greetings, > > I’ve been tasked with coming up with some solutions for biometric AD > authentication. > > Quick background: > > We are in the healthcare field and will be providing tablet PCs to some of > our practitioners. We have been going around about how to provide > authentication to these folks with minimal security compromises. The > tablets will be running Windows 7 Pro (Dell Latitude XT2’s at the moment) > locked > down pretty tight, but to avoid the ‘sticky note’ password keeper on a > very portable device that will contain PHI, we are looking at requiring > login with a fingerprint and pin. > > Any suggestions/recommendations from those that have been-there-done-that > with Biometric AD auth would be greatly appreciated. > > Thanks, > > Jim > > Jim Holmgren > > Manager of Server Engineering > > XLHealth Corporation > > The Warehouse at Camden Yards > > 351 West Camden Street, Suite 100 > > Baltimore, MD 21201 > > 410.625.2200 (main) > > 443.524.8573 (direct) > > 443-506.2400 (cell) > > www.xlhealth.com > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > > CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole > use of the intended recipient(s) and may contain confidential and/or > protected health information. Under the Federal Law (HIPAA), the intended > recipient is obligated to keep this information secure and confidential. Any > disclosure to third parties without authorization from the member of as > permitted by law is prohibited and punishable under Federal Law. If you are > not the intended recipient, please contact the sender by reply e-mail and > destroy all copies of the original message. > > NOTA DE CONFIDENCIALIDAD: Este mensaje incluyendo cualquier anejo es para > uso exclusivo del (los) destinatario (s) y puede incluir informaci?n > confidencial y/o informaci?n de salud protegida. La Ley Federal (HIPAA) > establece que el destinatario est? obligado a mantener la informaci?n > confidencial y sequra. HIPAA proh?be y castiga cualquier divulgaci?n a > terceras personas sin autorizaci?n del afiliado o permitido por ley. Si > usted no es el destinatario, redirija esta mensaje al remitente, y destruye > cualquier copia existente del mensaje original. > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > > CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole > use of the intended recipient(s) and may contain confidential and/or > protected health information. Under the Federal Law (HIPAA), the intended > recipient is obligated to keep this information secure and confidential. Any > disclosure to third parties without authorization from the member of as > permitted by law is prohibited and punishable under Federal Law. If you are > not the intended recipient, please contact the sender by reply e-mail and > destroy all copies of the original message. > > NOTA DE CONFIDENCIALIDAD: Este mensaje incluyendo cualquier anejo es para > uso exclusivo del (los) destinatario (s) y puede incluir información > confidencial y/o información de salud protegida. La Ley Federal (HIPAA) > establece que el destinatario está obligado a mantener la información > confidencial y sequra. HIPAA prohíbe y castiga cualquier divulgación a > terceras personas sin autorización del afiliado o permitido por ley. Si > usted no es el destinatario, redirija esta mensaje al remitente, y destruye > cualquier copia existente del mensaje original. > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin