Identifying The Problems Of Fingerprint Scanners


Using a fingerprint scanner for your computer feels like something out of a sci-fi movie, but the premise behind it is fairly straightforward. To keep you from having to remember an endless series of unique, strong passwords, you can store all your login information locked away and accessible only through your fingerprint. Nothing to remember, no master password you can forget. Your fingerprints are always with you. The supporting software can offer to store your password every time you see a login screen. It can even launch those sites and apps to log you in automatically with the swipe of a single finger. As great as those conveniences are, they rest on one seriously flawed concept. You need to have a fingerprint scanner with you everywhere you use a computer.

I have a desktop at my office, and I use a laptop for most of my non-work computing. There’s also a desktop I use as a home media server and my smartphone. Given the proliferation of tablets and smartphones over the last few years, I would guess that interacting with three or four computing devices like this over the course of a day isn’t unusual for most people anymore. It’s doubtful every single one of those devices has a fingerprint scanner. That means even people with a fingerprint scanner on one device still end up using the same insecure, easy-to-remember password over and over again, despite the extra security device. Also, fingerprint scanners can’t replace the password dialogue in any website or program. If someone gets your password, they can bypass the security scanner. So, you aren’t so much adding an extra layer of security as you are adding an extra step to get into something that’s supposed to be secure.

Password security is a difficult problem, but the fingerprint scanner doesn’t really provide any improvement to the situation. A true solution has to be something you can take with you to any computer, and that encourages the use of unique, strong passwords without creating an impossible-to-remember list. Most password managers fit the bill nicely. You need to remember that one master password, but after that, you’re done. Many offer password generators, so you don’t have to think up a complex password of your own. Portable versions can be installed on a flash drive and there are even mobile versions that work on smartphones and tablets. The fact that you can bring the database with you to any machine you work on, without installation or setup, is absolutely vital for users who are serious about their password security.

My top three recommendations for password security are KeePass, RoboForm, and my personal favorite, LastPass. All of them offer password generators to give you strong passwords that aren’t vulnerable to social engineering and offer easy options to take your passwords with you on mobile devices and portable apps that run from a flash drive. Also, all of the recommended choices have basic free options. KeePass doesn’t integrate that well with browsers and doesn’t have an online syncing option that I know of, but it’s open source and has a lot of extensions, so you can add functionality. It’s also the only one of these three with a totally free mobile app. LastPass is basically intended for browser-only use (it began its life as a Firefox extension), but gives you online syncing for free. RoboForm works with browsers or applications, but charges for online syncing. Paid versions of LastPass and RoboForm get you online syncing with free mobile apps. But what all of them have in common is that they actually add to your password security if you use them, instead of just making you think you added to it.

 
