Now that the U.S. government has announced it is using fingerprint readers to authenticate foreign visitors, it’s time to revisit the use of this technology for securing laptop and handheld computers.
One advantage to fingerprint readers, or biometrics in general, is that there are no passwords to forget or cards to lose. On the other hand, keys, cards and passwords can all be easily replaced if lost or compromised, but if a fingerprint were to be virtualized, there is no practical way to replace it. Fingerprint readers also present reliability problems.
While passwords are the most common—yet least secure—method of securing PCs, smart cards are also becoming more common. One advantage to smart cards is their versatility—in addition to securing your PC, they can also be used to access corporate facilities or networks, and even as a corporate charge card (though I’m not aware of anyone doing all of that with a single card yet). Although quite common in the European Union, smart cards have not completely caught on in the United States.
One of the biggest problems with securing a laptop or a handheld computer has been that, regardless of the security, the data remains relatively vulnerable to physical attack. By simply removing the hard drive and placing it in another system, anyone can access the data in your computer. Drives can be encrypted, but this can dramatically decrease performance.
This is where the Trusted Computing Group comes in. The group—made up of hardware OEMs from around the world, chip companies and Microsoft Corp.—has developed a specification to secure data properly on a laptop computer—a method that could also be applied to a handheld device.