Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

#213 Integration with Biometric Authentication

open
nobody
None
5
2012-09-17
2005-03-28
jacob
No

Currently, the login process is susceptible to keyboard
logger attack (attacker can easily capture the master
password). Can anyone think of a way to associate the
master password with a biometric device (fingerprint
scanner, or a smart card)? so as to eliminate the need
to type it.

Discussion

  • Rony Shapiro
    Rony Shapiro
    2005-03-29

    Logged In: YES
    user_id=370700

    I'd guess that each biometric device comes with its own API
    for using it. At least, I'm unaware of any standard in this
    area. Given such an API, it would be straightforward to use
    it instead of the master password dialog box.

     
  • TZ
    TZ
    2005-08-24

    Logged In: YES
    user_id=704895

    Some developers are using flash drives as storage for
    authentication info, similar to "key floppies" or dongles.

     
  • Don Suhr
    Don Suhr
    2005-11-17

    Logged In: YES
    user_id=1349261

    The fingerprint reader from Digitalpersona and the one they
    OEM for Microsoft in the Fingerprint Scanner & Keyboard with
    built-in Scanner both work with Password Safe.

    I've been using it that way since I bought the first version
    of the DigitalPersona UareU fingerprint scanner for Windows XP.

    I have since tried it with both the MS stand-alone
    fingerprint reader, and the MS fingerprint keyboard, and
    they all work.

     
  • Logged In: NO

    How about a software solution without additional hardware -- A virtual keyboard (like used by treasurydirect.gov (https://www.treasurydirect.gov/RS/BPDLogin?application=rs)) and others. It randomly changes positions of the letters on the screen with each refresh, so the bad guys would need to know both where your mouse is at the time and what the underlying keys were. cudihy@hotmail.com

     
  • Rony Shapiro
    Rony Shapiro
    2007-11-03

    Logged In: YES
    user_id=370700
    Originator: NO

    Hm,

    A virtual keyboard is an interesting idea. The implementation problem I see is the need to support many languages, as not all users have their passphrases in English characters.