In just a few short years, passwords have become one of the most widely accepted – and universally despised – ways to protect information on everything from PCs to cell phones. Businesses have devised elaborate processes and procedures to implement them companywide – only to spend hundreds of dollars per employee in lost time and help desk charges to offset the dreaded forgotten passwords. And computer users – either at home or work – have been forced to develop their own elaborate methods to not only devise, but remember sometimes more than 20 different passwords to enable them to access the growing list of restricted computer applications and web sites.

Some “solve” the problem with sticky notes listing their different passwords. Others use one password for everything: from email to corporate networks to financial online accounts and more – both risky solutions, to say the least. But who can blame them? Consider the set of rules Information Week recently recommended users follow to create “good” passwords:

• When creating a password, DON’T use any part of your user name, full name, address, and birth date and so on (e.g. wife’s name, kid’s name, significant other’s name) since this information is readily available to an intruder
• DON’T use English or even foreign words – susceptible to dictionary attacks
• DO make your password at least six but preferably eight or more characters long; the longer the better
• DO use different kinds of characters in your password – letters and numbers, upper and lower case and even some of these @#!$. Or better yet, use extended ASCII characters
• DO change your password every month to six weeks
• DON’T recycle old passwords or use the same one for different applications
• DON’T write it on a sticky note and post it on your monitor
• DO use a password that is easy to remember

Computer users are supposed to repeat the process for every password, for every application – and keep them unique! The fact is that the easier the password is to remember, the easier it is to be hacked; yet, the harder it is to be hacked, the more likely you will see that infamous yellow sticky hanging in full view.

Fingerprint Biometrics -- The Password Replacement Solution

As a result of this password proliferation problem, many electronic devices manufacturers have expressed strong interest in adding the convenient security that fingerprint biometrics can provide to their electronic devices and computer or wireless networks. But, they did not know how receptive business and consumer users might be.

At AuthenTec, we recently investigated consumers’ true feelings about this issue by sponsoring an unbiased, scientific survey of more than 2,000 adults. What we found pleasantly surprised us – and the interested companies. We found that 63 percent of consumers would not only accept the technology, but would pay extra to add fingerprint biometrics to their PC and notebook computers, while 71 percent would pay more for this feature in their cellular phones. Most consumers said they would use the technology to replace their PC and Internet passwords, as well as to help transform their cell phones into their personal wallets to conduct m-commerce and wireless banking.

Survey Findings:

In the PC and notebook computer segment, the survey shows that:

 Younger consumers (18-44) are the most interested and are willing to pay the highest price for a biometrically-enabled device.

 Parents also showed a higher interest than non parents in adding the feature to PCs - at 75 percent versus 58 percent.

 43 percent are most interested in using fingerprint sensors to replace their computer or internet passwords

 Navigating the cursor and automatically starting favorite programs were other key capabilities consumers were interested in using.

 Three in ten (29 percent) said they would be willing to pay more than $25 for the additional feature.

In the wireless segment, the survey shows that:

 71 percent are interested in adding fingerprint sensors to protect the sensitive and personal information stored on their cellular phone.

 Overall, 32 percent would be willing to spend more than $25 to have the feature added to their cell phones, while nearly half (45 percent) of young adults (18-24) indicated they are willing to pay more than $25.

 60 percent said they would like to use biometrically-enabled cellular phones as a replacement for their wallets - debit cards or credit cards -- to conduct purchases or online banking. Nearly half of those said they would be interested in using a biometric cell phone to purchase items from a store, while 30 percent would use it for wireless banking, 27 percent to gain access to mass transit, and 25 percent for wireless shopping.

 Parents, younger adults, and men are the most interested in using the cell phones as a replacement for their wallets.

Security and Convenience – For Consumers and Professionals

The combination of user demand for security and user acceptance of biometrics, as the most convenient form of security, has spurred a growing number of manufacturers to introduce new business and consumer biometric products. In fact, there are more than 6 million biometric devices in use today. For example, Toshiba, Fujitsu, and IBM recently announced new notebook models with biometric fingerprint sensors embedded in the cover. APC also just announced a new biometric mouse, while Motion Computing introduced new tablet PCs with a sensor built in. In the wireless arena, LGE and NTT DoCoMo provide biometric cell phones that enable m-commerce and wireless banking that is controlled with the touch or swipe of a finger. Altogether, there are now more than 100 biometric consumer products – and the number is growing every month.

Consumers aren’t the only ones concerned about the flimsiness of passwords in protecting data. In areas like healthcare, single sign-on (SSO) efforts will help ensure that patients’ records are kept private per HIPAA requirements, that multiple protected computer applications can be accessed, and that time-consuming password entry is kept to a minimum. The best way to ensure the security of an SSO initiative, hospitals like St. Vincent in Indianapolis are finding, is to incorporate fingerprint sensors into the mix. But again, convenience may make the ultimate difference. The same authentication that will make the healthcare professional's life easier will also eliminate the paperwork hoops through which the patient must jump. With new HIPAA requirements, signatures are required more often, to permit the routing of patient records from doctor to doctor. Patients with fingerprint sensors built into their peripherals, or even directly into their laptops, will be able to digitally authenticate their permissions to records access, without the hassle of hand-delivering signed forms.

Beyond Security

Today, biometric fingerprint sensors have taken on new roles beyond password replacement. The same sensor that provides security can also be used for convenience, navigation and personalization – something we call The Power of Touch. With the simple touch or swipe of finger, users can speed dial friends or open buddy lists on their phones, or switch desktop and open applications on their computers. Engineers at AuthenTec and many other companies are working on new ways to make the sensors perform other functions and features as well. The possibilities are almost limitless.

 

Scott Moody is the CEO and President of AuthenTec, a semiconductor company and the leader in fingerprint sensors for the cell phone, PC and access control markets.