By: Jonathan Kwan
January 23, 2006
You've seen it in movies, but Digital Persona brought it to real life. No, I am not talking about a time machine -- but today we'll be reviewing the DigitalPersona Pro for Active Directory. This is a biometric security package designed for Windows-based networks. What you will get out of the box is the U.are.U 4000B fingerprint reader and the software package.
Our review unit came in a nice box. If you look closely at the photo, UPS is used for shipping, and if you wonder, yes, they did dropped it at my door and left just like last week with the Func sUrface 1030 Archetype we reviewed.
On the brighter side, no one took it just like last time, so I'll move on with my review.
Out of the box is the driver/software CD, the U.are.U 4000B fingerprint reader, a quick start guide and a regulatory information sheet. The quick start guide proves to be fairly useful to first time users as some common questions are usually answered in there. Just in case you wonder, there is nothing under the cardboard where the CD is resting on as you can see in the photo. It's there to fill in the extra spaces in the box to prevent the product inside from sliding around.
When it comes to computer peripherals and accessories, how visually appealing the product is counts almost as how useful it actually is. It gives the will-be buyer a good first impression. At first look, the DigitalPersona U.are.U 4000B does not fall behind to other products in terms of aesthetics.
It looks very sleek to me.
The amount of space it takes may also be an issue. At home it might not seem as important, but in little cubicles and small desks in an office, space is just as important as profits. As this product is aimed at business and corporations, the design is perfect, where the look and size is just right. The photo above compares the fingerprint reader to my Creative Zen Micro 5GB.
After taking a look at the fingerprint reader, I dropped the software and drivers CD into my DVD-ROM drive and began the installation. Installation was quick and problem-free. After a quick reboot the logon screen changed from the standard Windows XP logon screen to the domain-style logon screen. Another thing I noticed was the Windows XP logo normally displayed has been replaced by Digital Persona logos.
After I typed my password and logged in (My fingerprints were not registered at this point yet) login took a little longer than usual. Just as I was wondering if this program lagged down my computer like early versions of Windowblinds, a screen appeared on the screen and asked me to register my fingerprint for the first time. I selected a finger from the on-screen image of a hand and registered the corresponding finger. All you need to do is put your finger on the reader four times, and if the reading is good, you are good to go. It is recommended to register more than one finger as it is possible that you might cut your fingers some other time.
It won't let me take screenshots at that screen so I'll have to use my digital camera.
Registering a fingerprint. Digital Persona claims that the U.are.U 4000B can read fingerprints at different angles. For me, as long as you put your fingerprint flat and centered on the reader, it will read just fine. The U.are.U 4000B read my fingerprint quickly correctly 90% of the time. The Microsoft fingerprint reader uses the same fingerprint reader module as the U.are.U, so theoretically the performance should be identical.
As most of the readers know, people have been fooling fingerprint readers with gummy bears for quite a while. While that "test" is in every review (And for the same reason of it) I am not going to spend much time discussing this issue, and instead I'll write more about the features of this biometric security package. After all, fooling the fingerprint reader with a gummy bear is not too much of a security risk. To tell the truth, it's fairly hard to steal someone's fingerprint, make a mold and put the gummy bear in. (Yes, it's possible -- make the person hold a clear glass cup, make a replica of their fingerprint, wrap it around your own finger, put it into a plastic mold and put some gummy bears into the mold) After all, it would take a lot of time and effort, and you will have to specifically target a person. If you really want to get into a certain computer or a computer in a company network, there are easier ways than to steal a fingerprint and fooling a fingerprint reader.
Anyway, after registering a few fingerprints, I moved on and entered Windows. Just out of curiosity, I went to see if it is possible to change to the typical 'home' way of logging into Windows instead of the domain-style logon where you have to type your username and stuff. For this reason I went into User Accounts under Control Panel and clicked "Change the ways users log on or off". This prompt instantly appeared:
---------------------------
User Accounts
---------------------------
A recently installed program has disabled the Welcome screen and Fast User Switching. To restore these features, you must uninstall the program. The following file name might help you identify the program that made the change: dpmsgina.dll
---------------------------
OK
---------------------------
You can view the screenshot here since it's a little too wide to embed onto this page.
On the System Tray in Windows, you will notice a new icon appeared. Double clicking the icon instantly locks your computer, but to most people pressing Windows + L is more convenient. How the Digital Persona software lock your computer operates a bit differently than Windows + L, using the DigitalPersona lock function it signed me off Windows Live Messenger. Since this happens I'll use Windows + L instead. You can also access the fingerprint reader Options window by right clicking the system tray icon and selecting the proper thing to click, but there's a better way (more on that later) so I went on and disabled the tray icon.
At any time you can put your fingerprint on the fingerprint reader to view a menu. This menu allows you to create fingerprint logons. Adding onto that, you can access the Quick Links menu which goes links to sites you saved your fingerprints on using Internet Explorer. A Help shortcut is also there and below that is the Properties (The alternate way of accessing that Options window I mentioned earlier). Encryption is also available on systems using the NTFS file system. The particular computer I installed the fingerprint reader on uses FAT32 (Because I run older versions of Windows at the same time) so the option is not available.
A little picture appears on the top left corner of your screen when you make a fingerprint reading. To show if the fingerprint is recognized or not, a red question mark will appear like the screenshot above if the fingerprint is not recognized by the reader; if it's recognized then a green checkmark will be displayed.
Creating a fingerprint logon in Internet Explorer.
Using the DigitalPersona Pro for Active Directory within Windows is fairly easy. To create a fingerprint logon, just bring the desired logon screen in focus and put your finger on the U.are.U 4000B to display the menu as mentioned earlier. Click "Create fingerprint logon" and you are good to go in a few easy steps. You can also set it to create a fingerprint logon by a combination of keys and a fingerprint reading (Eg. Press SHIFT + fingerprint reading to create a fingerprint logon). This can be configured in Properties.
After using the DigitalPersona Pro for Active Directory for a while I noticed some compatibility issues. It doesn't work with Windows FTP (Eg. when you type ftp://aphnetworks.com in Explorer), Windows Live Messenger 8 BETA and the STEAM client. The biggest compatability problem I ran into is its incompatibility with Mozilla Firefox 1.5. Almost 50% of APH visitors uses Mozilla Firefox, (About 10% lead in front of Internet Explorer) this does create a problem. As companies and home users slowly make the switch to the use of the Firefox, I hope they will get it fixed in the next driver release. I am using driver version 3.4.0 right now.
Regarding the incompatability issues with programs other than Mozilla Firefox 1.5, I got on the phone with Vijay, the systems engineer at Digital Persona (By the way he was such a nice person to talk to). Anyway, he took control of my computer and showed me how to use the One Touch SignOn Administration Tool, which you have to install seperately from the CD. Using the OTS Admin Tool, you can create custom templates for using the fingerprint reader with different programs that requires passwords. The tool can be used to fill in form fields and emulate keystrokes (Eg. emulate a Tab keystroke to move to the next field and emulate a Enter keystroke to... well... sign on) which is very useful. I recommend you to install the OTS Admin Tool even if you are using this at home, since you can make the U.are.U work with 90% of the programs (As Vijay says, which proves to be quite true).
So after Vijay helped me configure it so it works with Windows FTP, I decided to try a few myself. As a side note, the program detects Windows FTP's password prompt as a login screen, but somehow it just didn't work, so a custom template has to be created. In my case it doesn't even detect STEAM client's logon screen as a logon screen, so I decided to create a custom template for it. Guess what... it works! That's amazing!
As you can see in the STEAM window a DigitalPersona icon is shown to inform the user a fingerprint logon has been created for that particular program or webpage. I am not a big fan of that icon as it looks like a stretched and enlarged low resolution image. It would be excellent if they improve the icon in the future.
Using the OTS Admin Tool I also created a custom template for Windows Live Messenger 8 BETA. It works, but for some reason it keeps checking all the checkboxes in the login window, making WLM8 save my email and password.
Hey -- what if you need to register more fingers or modify your registered fingerprints? All you need to do is press CTRL+ALT+DEL, and you'll see a new option in that window as you can see in the screenshot below.
Yeah it won't let me take a screenshot so I'll have to use my digital camera once more.
After you clicked "Manage Fingerprints" it will ask you for a recognized fingerprint to move on to modify registered fingers. Everything should be familiar to you as this is the same process as you have registered your fingerprints for the first time.
After talking about all these amazing features, benefits and ease of use, how practical is a fingerprint reader anyway? In this area I'll agree with what Digital Persona says -- the chain is only as strong as its weakest link, and in companies, employees often has weak passwords. People can gain access to your company's network with relative ease. If your company requires the use of complex passwords, employees will often just write it down somewhere -- which makes the person even easier to gain access to your network.
Using a fingerprint reader saves a lot of time, if not money. Users will not have to remember their passwords anymore, in the odd case of remembering a password is required, administrators can easily reset the user's password. A fingerprint cannot be shared as a password could be shared, and it's a lot of time and effort to steal a fingerprint, unlike stealing a password. This creates more efficiency within the company, so employees can do more in less time -- whereas before, users and network administrators alike, spend immense amounts of time dealing with passwords.
At home, it creates the "1337 factor" and fun for the home user besides the enhanced security offered by Digital Persona. Other convenient features included is the "one touch user switching" -- just put your fingerprint on, and user switched. Simple as that. (I asssume that the other person's fingerprint has been registered already with another account on your computer)
Since the DigitalPersona Pro for Active Directory is tested in a home environment (Not on a domain), some features have not been tested. However, according to Digital Persona, employees can move around workstations and logging onto their account with their own fingerprint without reregistering them on the specific workstation they want to log into. Also, when fingerprint data transmitted, whether from the U.are.U 4000B to your computer, or from your computer through a network cable to other parts of your network, is encrypted.
Overall, the DigitalPersona for Active Directory is an excellent product. It creates better efficiency and real conveniece in companies, while using this at home, the U.are.U implements more fun into daily computing. This biometric security device recognizes my fingerprint 90% of the time, and does it quickly too. The One Touch SignOn Adminstration Tool allows better compatibility with different software that the drivers doesn't originally support. However, if this product works with Mozilla Firefox 1.5, it would be perfect. Despite its incompatibility with Firefox 1.5, if you own a business or if you are a network adminstrator, the DigitalPersona Pro for Active Directory is definitely a must have.
Special thanks to Ben for making this review possible and Vijay over at Digital Persona for patiently working with me and answering all my questions.
Note: The number ratings below has been adjusted accordingly to comply with our new Number Rating System.
Rating: 7.5/10
What do these ratings mean?