| Microsoft has aquired Digital Persona technology for their fingerprint sensor (keyboard & mouse), so It may be time to read this "old" review (posted before M$ even announce avaibility of it security device line) because it contains some comments you won't find elsewhere:
product name U are U, U.are.U
By Digitalpersona, Microsoft |
{mosgoogle center}
Usage: You can create as many profile as needed, open a browser and go to the login page (Here I choose www.runryder.com as an example) 
Put your finger on the sensor, the page do not exist in the keystore, so a page will popup. The title of internet page is use as key. | 
Enter the first credential, here the login and drag it to the right place in logon page. Repeat for all fields in page. |  |  | | next time You go to that page, put your finger on the sensor and You're in! |
{mosgoogle center} Bad: - Only working in Internet explorer, not working in any other browser: Opera or Mozilla
NEW: U.are.U is working in Firefox 1.0 but Microsoft fingerprint NOT - Security by obscurity (which has be proven to be the worst strategy in history of cryptography): no mention to algorithm used, cipher strengths, no possible review of code. Would'nt it be good for customers, or sales to use clearly communicate on algorithm used?
- Impossibility to do a backup of the keystore, web profiles... where is the repository of credentials? in windows SAM registry? If you lost your windows account (due to a crash or whatever), your only option is to use the small recovery utility provided, but you will have to remember your passphrase, and you have lost your web account profile.
- Only working with Windows! Linux is gaining market share at the rate not seen before, why not opening some part to the community or developing a drivers?
- In a browser, profile are depending on windows title -> clearly not enough if you have many credential on different pages which the same title. Maybe the software should use a variable html part of the content, url...
- Dll mess, a lot of library are copied to windows/system32 but this is common under Windows...
- Software version is 2.1, no update since 2002. I would like to see more options!
- The manual do not give enough advices on how to increase security, which habits are bad, and basics security concepts.
- Encrypting disk or directory is not possible: only files. You can right click on any file, choose encrypt
and start encryption by putting one finger on the sensor:
Decrypting is done by double clicking on a encrypted resource, and putting one finger on the sensor: EASY
{mosgoogle center}
Good: - Work perfectly with Windows, no problems with: lotus notes login, windows logon, web browsing...
 |  | | You are identified | Unknow user |
- GUI for the average Joe user, nice and simple, very easy to use. Here the contextual menu:
 - Very fast regognition,
- Fast Learning phase, in 5 minutes the device is working.
- Nice design, the red color is a nice touch on your desk.
- Price tags under 69$ in USA (but be careful it will cost You 270€ in Europe...)
- Good integration in windows (here in system tray)
{mosgoogle center} Conclusions/What I would like to see - Open source the code!!!!
- Working with other browser, Mozilla has 18% of market now, all together alternate browser have less than 30% (see google geist here)
- Use a know standard: PGP? for example (PGP disk for encrypting folder and partitions)
- Name of algorithm used: Blowfish?, AES? and options to change cipher strength.
- A file based keystore, a lot more easier for backup.
- A linux version or plugin for Kwallet.
New What are the differences with the Microsoft version?
I've had the chance to see a Microsoft keyboard with the fingerprint reader in action, what a shame!!
- Only basic functionnality are still in the driver.
- No possibility to encrypt file with the device,
- It is working ONLY in Internet explorer, not in Mozilla (Is it a surprise for You???).
- Only "normal" windows are recognized by the system: no way to use it under a terminal (rxvt - cygwin) where the digital persona just work.
I would stay away from the Microsoft version as long as they do not integrate new intersting capabilities. No need to mention that drivers are not compatible each other....
{mosgoogle center} Overall A product for geek, but due to lack of peer reviews on algorithms, it is certainly not a corporate device in any means. For example: why attacking the keystore if you can hook a backdoor to the activeX component in use? (should be easy to do with all Internet explorer issues...)
Links
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
sell them in usa at a good prices, also on ebay.com as well
EHAG
Industriestrasse 8
Oetwil am See, ZH 8618
Switzerland
+41 43 844 94 00
www.ehag.ch
COMEDIA
4 BIS ALLEE CHARLES V
VINCENNES, - 94300
France
33 1 43 28 48 48
www.comediatech.com Others reviews: {mosgoogle center}
|
Tags
