I agree that the fingerprint might not be the best biometric method, but its usually the most accepted method. Agree that is can be forged, but it does take some work.
We all know passwords aren't going to "cut it" but is the value of the assets you are trying to protect worth the increase controls and authentication that biometrics bring? Retina/Iris Scans are not well received as a biometric method but are highly accurate and almost impossible to force ( unless you want to rip someones eyeball out of their socket and replace yours) ( Brings back Tom Cruise in Minority Report when he has his eyeballs replaced to bypass some biometric control) You also need to research the false acceptance vs false rejection rate for the biometric method you want to employ. Working in healthcare also, so I see your reasons, but I would look at possibily using Thin client, and housing the data on the backend, and provide the 2 factor authentication and auditing of the access to the EPHI/PII they are viewing so there is nothing saved on the laptop (which should be encrypted to comply with HITECH and MASS CMR 201.17) Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:[email protected] Cell:401-639-3505 From: Jim Holmgren [mailto:[email protected]] Sent: Wednesday, September 15, 2010 4:18 PM To: NT System Admin Issues Subject: RE: Biometric AD authentication I do understand that this is "relatively" easily fooled, but smart cards are not an option in this case (no built-in smart card reader). 'Regular' passwords are not going to cut it. I'm looking for a combination of fingerprint and pin. Jim From: Michael B. Smith [mailto:[email protected]] Sent: Wednesday, September 15, 2010 1:04 PM To: NT System Admin Issues Subject: RE: Biometric AD authentication Fingerprint as an auth method is passé. It's easily forged. I'm pretty sure Secunia published a study about that last year, finding that it didn't matter if your reader was $25 or $500 - they were easily "broken". Smartcard plus PIN seems to be winning. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Jim Holmgren [mailto:[email protected]] Sent: Wednesday, September 15, 2010 12:53 PM To: NT System Admin Issues Subject: Biometric AD authentication Greetings, I've been tasked with coming up with some solutions for biometric AD authentication. Quick background: We are in the healthcare field and will be providing tablet PCs to some of our practitioners. We have been going around about how to provide authentication to these folks with minimal security compromises. The tablets will be running Windows 7 Pro (Dell Latitude XT2's at the moment) locked down pretty tight, but to avoid the 'sticky note' password keeper on a very portable device that will contain PHI, we are looking at requiring login with a fingerprint and pin. Any suggestions/recommendations from those that have been-there-done-that with Biometric AD auth would be greatly appreciated. Thanks, Jim Jim Holmgren Manager of Server Engineering XLHealth Corporation The Warehouse at Camden Yards 351 West Camden Street, Suite 100 Baltimore, MD 21201 410.625.2200 (main) 443.524.8573 (direct) 443-506.2400 (cell) www.xlhealth.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or protected health information. Under the Federal Law (HIPAA), the intended recipient is obligated to keep this information secure and confidential. Any disclosure to third parties without authorization from the member of as permitted by law is prohibited and punishable under Federal Law. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. NOTA DE CONFIDENCIALIDAD: Este mensaje incluyendo cualquier anejo es para uso exclusivo del (los) destinatario (s) y puede incluir informaci?n confidencial y/o informaci?n de salud protegida. La Ley Federal (HIPAA) establece que el destinatario est? obligado a mantener la informaci?n confidencial y sequra. HIPAA proh?be y castiga cualquier divulgaci?n a terceras personas sin autorizaci?n del afiliado o permitido por ley. Si usted no es el destinatario, redirija esta mensaje al remitente, y destruye cualquier copia existente del mensaje original. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin CONFIDENTIALITY NOTICE: This email, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and/or protected health information. Under the Federal Law (HIPAA), the intended recipient is obligated to keep this information secure and confidential. Any disclosure to third parties without authorization from the member of as permitted by law is prohibited and punishable under Federal Law. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. NOTA DE CONFIDENCIALIDAD: Este mensaje incluyendo cualquier anejo es para uso exclusivo del (los) destinatario (s) y puede incluir información confidencial y/o información de salud protegida. La Ley Federal (HIPAA) establece que el destinatario está obligado a mantener la información confidencial y sequra. HIPAA prohíbe y castiga cualquier divulgación a terceras personas sin autorización del afiliado o permitido por ley. Si usted no es el destinatario, redirija esta mensaje al remitente, y destruye cualquier copia existente del mensaje original. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
