The Notebook Review forums were hosted by TechTarget, who shut down them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.
Problems? See this thread at archive.org.

    Do you trust the fingerprint reader?

    Discussion in 'Lenovo' started by blackthinkpad, Jan 28, 2011.

  1. blackthinkpad

    blackthinkpad Notebook Consultant

    Reputations:
    0
    Messages:
    161
    Likes Received:
    3
    Trophy Points:
    31
    I have mine permanently disabled. I have a fear it'll malfunction and lock me out one day.
     
  2. unreal25

    unreal25 Capt. Obvious

    Reputations:
    1,102
    Messages:
    2,373
    Likes Received:
    0
    Trophy Points:
    55
    Well, you can always manually type the password in addition to the fingerprint scan, can't you?
     
  3. Renee

    Renee Notebook Virtuoso

    Reputations:
    610
    Messages:
    2,645
    Likes Received:
    0
    Trophy Points:
    55
    I use the fingerprint reader on my t61p. It does fine and as has been suggested there is a alternate way of logging in. I use a standard Microsoft version of widows. The fingerprint reader has always worked fine.

    Renee
     
  4. jaakobi

    jaakobi Notebook Evangelist

    Reputations:
    114
    Messages:
    534
    Likes Received:
    0
    Trophy Points:
    30
    definitely have a backup password to login. But where you shouldn't trust the fingerprint reader is for really sensitive information (corporate, government), because professional hackers and spies will make minced meat out of it. Your laptop is covered in fingerprints and it's easy enough to fool the fingerprint readers built in to most laptops (maybe the FIPS readers on some Dells are harder to fool, but most of the time, corporate and government people use Smart cards and passwords, maybe in conjunction with a FIPS reader)
     
  5. SHoTTa35

    SHoTTa35 Notebook Consultant

    Reputations:
    155
    Messages:
    248
    Likes Received:
    1
    Trophy Points:
    31
    Seriously? LOL... i always hear people talking about crazy security setups that's so intrusive that makes it a problem for even the normal user. Doomsday theorists are running crazy. WIFI password security so long and complex that nobody can remember it. If Kevin Mitnick lived next door and you were a top CIA agent then ok, but then again why would you have top level security stuff at home out of the controlled environment? This is where getting to know thy neighbor comes in. If it's little punk who wants to steal your internetz to download or whatever then not a major threat but then again how many people live next door to top hackers that can break passwords that easily, or even care to? If mr uber hacker lived next to my house i'm sure i'd be the last person on his list to hack anyways.

    The point is, any security can be compromised with time and skill. The only way to 100% secure something is to not need to secure something. If you have your little generic WPA2 password, anyone that's gonna spend the time and energy to break in wont be living next door that's for sure.

    As for the OPs question, when you first setup any fingerprint reader it either asks you to create a Windows password or it asks you to type it in as a confirmation that the prints being put in are the owner of the current account. You can't "lock" yourself out of Windows as even with a fingerprint and a forgotten password you can reset the password from DOS/Linux or anything these days.

    I specifically choose laptops with Fingerprint readers as a convinience to me, not to block out anyone out there that wants to steal my information. Surely it does keep people off my system and even as a deter would be theives but that's not why I choose to get a system with it at all.
     
  6. unreal25

    unreal25 Capt. Obvious

    Reputations:
    1,102
    Messages:
    2,373
    Likes Received:
    0
    Trophy Points:
    55
    Heh, yeah I think (no pun intended :p ) the fingerprint reader is more like a gimmick. I was always able to type my password faster. Plus the fact that so many times it didn't recognize my fingerprint because I swiped "too fast" or something like that.

    I heard that even retinal scans are all bunch of baloney. The biology behind it (which I don't know that much about) is that your retina actually changes with time.
     
  7. Renee

    Renee Notebook Virtuoso

    Reputations:
    610
    Messages:
    2,645
    Likes Received:
    0
    Trophy Points:
    55
    "I specifically choose laptops with Fingerprint readers as a convinience to me, not to block out anyone out there that wants to steal my information. Surely it does keep people off my system and even as a deter would be theives but that's not why I choose to get a system with it at all"


    I agree. Since I do not believe in business I have no confidential documents at all.

    Renee
     
  8. evilid

    evilid Notebook Consultant

    Reputations:
    21
    Messages:
    201
    Likes Received:
    0
    Trophy Points:
    30
    I prefer fingerprint readers because I don't have to ask my coworkers to look away while I am typing the password.
     
  9. deki

    deki Notebook Geek

    Reputations:
    128
    Messages:
    80
    Likes Received:
    0
    Trophy Points:
    15
    I have one on my HP Pavilion laptop, but rarely use it. When I ordered my X201 a few days ago, I opted out of the finger print reader.
     
  10. jaakobi

    jaakobi Notebook Evangelist

    Reputations:
    114
    Messages:
    534
    Likes Received:
    0
    Trophy Points:
    30
    It's not just CIA and other government agencies. Corporate security is taken very seriously, given the incidence of corporate espionage is very high.

    My point was that fingerprint readers on laptops aren't very good security, except maybe the FIPS readers. I actually use my fingerprint reader too, I don't have anything too "sensitive" on my laptop and I wouldn't care if someone was looking at it. I was just making it known that the usual laptop fingerprint reader isn't good for corporate or other security which is taken very seriously.
     
  11. erik

    erik modifier

    Reputations:
    3,647
    Messages:
    1,610
    Likes Received:
    2
    Trophy Points:
    55
    unless you use the FPR in conjunction with another security method then the FPR by itself is no better or worse than a typed password.   if you use the FPR to replace power-on and windows passwords then it's no more or less secure than the keyboard on which you type.

    true security has to be combined with encryption and a second, third, or fourth authentication method.

    if someone is really concerned about data protection then their thinkpad would need the following:
    - complex power-on and supervisor passwords
    - complex windows password
    - complex hard drive or SSD password
    - full-encryption hard drive or SSD
    - fingerprint reader
    - smart card reader
    - lenovo client security solution to integrate FPR, typed password, and smart card authentication
    - file-level encryption such as safeguard privatedisk

    losing a system set up like the above should protect data with a reasonable amount of confidence.

    with that said, i trust the fingerprint reader.   but, i also know that it is only one small part of a much larger scheme.   it's all in how you use it.
     
  12. Renee

    Renee Notebook Virtuoso

    Reputations:
    610
    Messages:
    2,645
    Likes Received:
    0
    Trophy Points:
    55
    "Corporate security is taken very seriously, given the incidence of corporate espionage is very high."

    I hear that there's an even higher rate of capitalism.

    Renee
     
  13. SHoTTa35

    SHoTTa35 Notebook Consultant

    Reputations:
    155
    Messages:
    248
    Likes Received:
    1
    Trophy Points:
    31
    Anyone at a corporation with information to steal and let it leave out the door with John Harris and trust he'll keep it safe doesn't value John Harris or whatever data he has access to. If not, he'll just enter his password - "password123" and have access to Social Security database in Maryland while sipping your coffee at Starbucks in DC somewhere. :D

    Nobody (in corporate) thinks of fingerprint readers as a security method especially on a mobile laptop. If it was tied down in a secured room then ok. The first rule of any security is to prevent access, not just to the info but to even attempts at getting the info. Anyone with physical access to the system can get in via tons of different ways providing they have enough time. If they stole the laptop then they have all the time in the world.

    Fingerprint readers only stop girlfriends from logging in and checking your email/facebook to see if you are getting naked pics from some skank chick while you are taking a shower. LOL
     
  14. unreal25

    unreal25 Capt. Obvious

    Reputations:
    1,102
    Messages:
    2,373
    Likes Received:
    0
    Trophy Points:
    55
    'password123' haha what a lousy password... er hm I'll be right back, I need to go.... take care... of something.
     
  15. KnightZero

    KnightZero Notebook Consultant

    Reputations:
    93
    Messages:
    152
    Likes Received:
    0
    Trophy Points:
    30
    I never rely on any single security method for authentication. Strong passwords, encryption, and knowing when to leave the laptop at home (this is what a netbook is for). I only rely on a password to keep nosy coworkers from stealing my music and sending prank emails from my account, and the fingerprint scanner would just be a simpler way of logging in.
     
  16. lead_org

    lead_org Purveyor of Truth

    Reputations:
    1,571
    Messages:
    8,107
    Likes Received:
    126
    Trophy Points:
    231
    Redundancy is a crucial part of any security measure. As said don't rely on one security method.
     
  17. lineS of flight

    lineS of flight Notebook Virtuoso

    Reputations:
    363
    Messages:
    2,330
    Likes Received:
    2
    Trophy Points:
    55
    How many of you actually use these various levels of security in your personal computing environment (I am only referring to personal stuff and not work related)?

    I only have the standard Windows login. Also, when I do back up (which I have not done for the last 105 days!), there is a password and encryption utility that came with the external drive and I use that. And, I carry my laptop everywhere! I guess I am very careless.
     
  18. ThinkLover

    ThinkLover Notebook Consultant

    Reputations:
    36
    Messages:
    234
    Likes Received:
    1
    Trophy Points:
    31
    AES encrypted drive is what I use.
    I know, it's hackable with enought effort, but hell - if someone will really enjoy my couple GBs of movies, music, photos and some 'whats up' emails with grandma - go on :p
     
  19. merlin666

    merlin666 Notebook Consultant

    Reputations:
    0
    Messages:
    188
    Likes Received:
    0
    Trophy Points:
    30
    I find the fingerprint reader very convenient as I am prone to typos and forgetting passwords. However, I don't like th easy access to the passwords file that the reader uses ...

    A somewhat related question: I have switched to Comodo Internet Security and it does not like the fingerprint reader and gives me a hard time login in - is there a specific file that the fingerprint reader uses during the boot process which I would need to add to the list of Comodo trusted applications?
     
  20. ThinkRob

    ThinkRob Notebook Deity

    Reputations:
    1,006
    Messages:
    1,343
    Likes Received:
    2
    Trophy Points:
    56
    Excellent post.

    As a counterpoint to the above, I have basically that exact setup, minus the smart card and fingerprint reader. My root partition's LUKS password is stored on my YubiKey which literally never leaves my side.

    In addition to the fact that I'm a little concerned about the false positive rate of consumer-level readers, I'm quite concerned about the prospect of my machine getting bricked. Right now if that happens, I can simply remove the drive, plug it into pretty much any other ThinkPad, and be up and running as though nothing happened. If I lock down my OS and/or boot image so as to require a fingerprint, I lose that freedom. Of course, I set up my ThinkPad to require it on boot -- but that doesn't really provide much in the way of security.

    As far as my encryption passphrases: my root partition's is a long pseudo-random string. My home partition's passphrase is a 50+ character sentence which includes mixed cases, special characters, and numbers. The same goes for my root password and my GPG keys.

    And you know what it's protecting? Not much of anything. A couple source trees, some personal e-mail, and a few saved passwords. So given that I'm a difficult, low-reward target, I'm not too worried. I'm far more worried about someone stealing the ThinkPad, wiping the drive, and pawning it than I am someone gaining access to my data.
     
  21. MAA83

    MAA83 Notebook Evangelist

    Reputations:
    794
    Messages:
    604
    Likes Received:
    3
    Trophy Points:
    31
    I don't use ALL the listed recommended measures. But I do use a complex supervisor/hdd/power on password, as well as a strong windows password, and I use TrueCrypt to encrypt my system drive. Like someone else mentioned, I'm a low reward target so I don't think anyone would dedicate enough time to breaking in to my HDD - just not worth it. The power on passwords and supervisor passwords protect the machine itself if stolen. I think for an avg. user that's more than secure.
     
  22. commander

    commander Notebook Consultant

    Reputations:
    0
    Messages:
    233
    Likes Received:
    2
    Trophy Points:
    31
    I trust the reader. The best is that it is a huge time saver. When you have set power on PWD, HDD PWD, win PWD, all different and difficult, this thing can fill these in a second.
    When the reader is broken, you can attach your reader via USB (i have it because the notebook is docked and closed).

    But I would like to know, what technology is lenovo used for his readers, because some of them can be very easy to hack with tools you can buy in a drug-store. It is possible to obtain some fingerprints from the notebook itself like the lid, palmrest, touchpad whatever, and reproduce the fingerprint. That could be a problem.
     
  23. erik

    erik modifier

    Reputations:
    3,647
    Messages:
    1,610
    Likes Received:
    2
    Trophy Points:
    55
    thinkpad FPRs are either manufactured by UPEK or authentec depending on the generation.   visit each of their sites to read about the technology they employ.   rest assured you won't be hacking them with drug store items.   you're welcome to try though. :D

    both companies merged back in september and are now the single largest supplier of fingerprint biometric scanners.
     
  24. ThinkLover

    ThinkLover Notebook Consultant

    Reputations:
    36
    Messages:
    234
    Likes Received:
    1
    Trophy Points:
    31
    If you keep on your computer really valuable data, potential thief would just cut your finger :D

    Don't be too paranoic.
     
  25. Renee

    Renee Notebook Virtuoso

    Reputations:
    610
    Messages:
    2,645
    Likes Received:
    0
    Trophy Points:
    55
    '' potential thief would just cut your finger :D"

    Right on both counts. The fingerprint reader is good for what it is...but it does have significant security limitations.

    Renee
     
  26. MikesDell

    MikesDell Notebook Evangelist

    Reputations:
    244
    Messages:
    690
    Likes Received:
    16
    Trophy Points:
    31
    I just use my fingerprint reader to log onto Windows. Sometimes it works, most of the times I have to swipe my finger multiple times for it to work, and sometimes it just never enters correctly.

    That's why now, I just type a password in, to me it's faster then swiping my finger wondering if it will work on the first try or not lol
     
  27. HoboJ

    HoboJ Notebook Enthusiast

    Reputations:
    0
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    15
    I trust the fingerprint reader. It's fast and convenient to just swipe my finger and go. No password required even if I do have one as a backup. I'm not a high value target so I'm not going to go through multiple security steps just to get to my desktop :)
     
  28. Ingvarr

    Ingvarr Notebook Deity

    Reputations:
    292
    Messages:
    1,090
    Likes Received:
    115
    Trophy Points:
    81
    I dont use fingerprint reader, if anything, they only provide false sense of security.
    In fact, using fingerprint reader equates to leaving your passwords on anything you touch (and yes, its pretty easy to fool the "consumer-grade" readers with "artificial fingerprints", plenty of info available on the internet).
     
  29. Ahbeyvuhgehduh

    Ahbeyvuhgehduh Lost in contemplation....

    Reputations:
    574
    Messages:
    775
    Likes Received:
    0
    Trophy Points:
    30
    For me it is not that I don't trust it, but rather that I prefer the log on method.
     
  30. ThinkSeries

    ThinkSeries Notebook Enthusiast

    Reputations:
    0
    Messages:
    38
    Likes Received:
    0
    Trophy Points:
    15
    Don't Trust but It help to login quickly and easier
    we are always lazy to type password for anything so fingerprint can keep security for us. I feel good to have one :0
     
  31. Thaenatos

    Thaenatos Zero Cool

    Reputations:
    1,581
    Messages:
    5,346
    Likes Received:
    126
    Trophy Points:
    231
    I dont trust fingerprint readers as they are the easiest biometric to bypass.