Date: September 19th, 2005
Article by: Zhenya Semikhodski
<--SHOP FOR A MICROSOFT FINGERPRINT READER HERE
The reader comes in standard heat sealed plastic packaging with no foam protection but since there are no moving parts inside there is little cause for concern when it comes to shipping. The only gripe I have is if the impact comes from the front directly into the reader such as if something was to crush it by putting it on top of the package.
Opening the package reveals what’s inside:
It’s a no thrills package that includes a manual, driver and software CD and the reader itself. The green tag covering the USB connector you see in photo above tells you, in various languages, to install the software before connecting the reader. The manual looks quite thick but there are only 12 pages in English, the rest is the manual again in various languages including French, German and Greek. Finally, the disc contains the DigitalPersona Password Manager 1.0 along with the drivers. It obviously carries the Designed for Microsoft Windows XP logo suggesting that the drivers are WHQL Certified and the software and hardware has been thoroughly tested by Microsoft.
DigitalPersona, it seems, was asked to provide the software for the reader tailor made for Microsoft. The company specializes in security products providing software for biometric sensors and the hardware itself.
PRODUCT USE & SETUP
Before the reader is plugged in the software needs to be installed. Popping in the CD into the drive auto runs and shows us the welcome screen. However, on my system for some reason the following window came up:
This is strange because I am running Windows XP Professional Service Pack 2 and it is an English version. Perhaps it is because the operating system is set to United Kingdom English as opposed United States English that this dialog came up. However, as installation progressed it appears that everything went fine.
Clicking OK on the above dialog finally welcomes us to the installation.
Next we have to accept the license agreement as per usual before moving onto another agreement that is unique to this product.
This agreement is a security disclaimer and it is very important because Microsoft has placed this warning (contained within this agreement) in the help files, in the manual and even within the software installation itself. It is perhaps a good point to pause here and discuss this issue.
In short the warning tells you that the fingerprint reader is not made for security purposes but rather it was made to be used for convenience or to put it another way, Microsoft is gently telling you that this is simply a gimmick. This may come as a surprise to you since anyone would think that a biometric sensor would be used for security purposes, alas Microsoft thinks otherwise. Now don’t be alarmed, you can store various passwords with it such as log in information to forums and the like but you are warned that this is not suitable to replace typing in passwords manually for corporate networks, financial information and other sensitive data.
This is also confirmed by the fact that I couldn’t find anywhere where Microsoft has posted some kind of specification regarding the encryption strength of the passwords and how they are stored. They obviously may have something to hide suggesting that the encryption may not be strong enough and the password storage may not be secure enough to protect highly sensitive data. Presumably if they are stored in a single file somewhere then a hacker could simply steal the file, decrypt it and have all your passwords. Alternatively the passwords may be kept within the system registry, encrypted.
So if you thought you would buy this fingerprint reader and do away will remembering absolutely all your passwords then think again. Suddenly the whole idea of buying a rather expensive piece of kit for storing a couple of forum passwords may not be so appealing.