Positive ID: All About Biometrics
Biometric identification -- which instantly authenticates people by unique physical traits such as eye structure, voice patterns and handprints -- may seen like something out of X-Men or Star Trek. But it's neither fantasy nor futuristic.
In fact, biometric technology has been around for years. It's even a growth industry: The worldwide market for biometric devices is projected to nearly triple in the next few years, rising from $2.1 billion in 2006 to $5.7 billion in 2010, according to the International Biometric Group, a New York City-based research and consulting firm.
Meanwhile, biometric capability is increasingly available in products that are affordable for even the smallest businesses. More surprising than the devices' existence, though, are the ways in which some companies are putting them to use.
First, a bit of history. Particularly after the terrorist attacks in 2001, security experts were keenly interested in using biometrics for positive identification. The main goal then: keeping unauthorized users from gaining access to government or company buildings, computer systems and information.
Today, some organizations are using biometric technologies to keep outsiders out, but others are finding the technology -- especially the less-expensive fingertip and hand scanners -- far more useful for in-house security purposes. For example:
Tracking time and attendance: "Buddy-punching" -- when employees manually punch each other's time cards to falsify their work hours -- has been the bane of small businesses for decades. Biometric systems can end that practice by verifying employees' identities as they clock in and out, most commonly through a fingertip or handprint reader. Added bonus: Many systems also compile payroll data, replacing a tedious manual task. Systems begin at about $350.
Replacing or enhancing passwords: It's no secret that many people's system passwords are a cinch to decipher. Case in point: In a 2005 in-house security test, a California credit union's IT team used a tool that cracked about 80 percent of employee passwords within 30 seconds. IT staffers instructed workers to adopt stronger passwords in keeping with the organization's security standards, then repeated the test. The results weren't encouraging: The team still cracked 70 percent of the new, stronger passwords. So the credit union began using a combination of fingertip scanners and automatic, randomly generated passwords to authenticate system users. Bank officials say the change greatly improved those security audits and reduced password-administration costs, an expense that IT research firm Gartner Inc. says costs companies an average of $200-$300 per user per year. Fingertip readers begin at around $100 per device.
Securing dangerous or controlled substances: Businesses in a wide range of industries use biometric devices -- with hand-readers being a particularly popular option -- to help monitor access to toxic chemicals, radioactive waste, narcotic drugs and other potentially hazardous materials. Hand-reader security devices range from about $1,000 to $3,000 or more per device, depending on features.
Preventing ID-card sharing: Some businesses now use biometrics to keep multiple customers from sharing a single account or pass card. An Oklahoma City-based chain of tanning salons, for instance, installed fingertip readers at all its locations to authenticate paying customers, thus preventing people from simply loaning their membership cards to friends. (A company spokeswoman says the scanners don't store a complete fingerprint -- just a big enough piece to confirm the user's identity.)
Biometric technologies aren't infallible. Systems may fail to recognize an authorized user or detect an imposter. In one well-publicized case a few years ago, a Japanese cryptographer copied a fingerprint using a gelatin substance. He then tested the duplicate fingerprint on several commercial scanners -- all of which "recognized" it as real.
In addition, many people view the use of biometric security measures as an invasion of privacy. In testifying before Congress, Barry Steinhardt, director of the Technology and Liberty Program for the American Civil Liberties Union, has cited biometrics as yet another example of America's movement toward becoming "a surveillance society."
But for businesses needing to know exactly who's got their hands on which pieces of company equipment or information, biometrics are likely to be an increasingly attractive option.
For additional information: