May 2, 2000 2:10 PM PDT
Microsoft eyes new security for Windows
The software giant today said it has entered a pact with security software firm I/O Software to integrate the company's Biometric API (application programming interface) directly into Windows operating systems. Windows users could opt to have their identities verified through fingertips or other physical characteristics, rather than traditional passwords.
Riverside, Calif.-based I/O Software offers security products that verify identities--and correspondingly limit or allow network access--through fingerprints, irises, retinas, voices and faces. The technology is available with Windows 95, Windows 98 and Windows NT; Windows 2000 support is expected this summer, the companies said.
Biometric technology matches stored 2D and 3D images of an individual's body parts with the person. These systems often can compensate for aging, weight gain and other variations. The sheer volume of topographic data captured on a typical stored image also serves to deter fraud: Wearing a Bill Clinton mask won't likely get someone past a biometric firewall.
"We always strive to provide the most advanced security technology that we can offer," said Shanen Boettcher, a product manager at Microsoft. "This is an example of us responding to both customer demand and industry momentum."
Microsoft's decision to integrate biometric technology into the operating systems is a win for the futuristic security, which has generally been considered too expensive and difficult to implement. Several companies, including Compaq Computer, have promoted biometrics with little success. By adding biometrics directly into the operating systems, Microsoft will potentially lower the hurdles.
The actual need for the technology also remains questionable. Passwords can be lost, forgotten or stolen, but in most cases they get the job done, said Frank Prince, a security analyst with Forrester Research. Like biometrics, password systems based on smart cards and other "token" verification systems can provide enhanced security, but the majority of computer owners have yet to adopt them.
Forgotten or lost passwords often account for the majority of a company's internal help desk calls, Prince noted, an expense many companies are trying to lower.
"There's a distinct, urgent need for this," said William Saito, president of I/O Software, explaining that integrating the company's technology directly into the operating systems allows customers to purchase physical verification hardware without installing additional software. "This is also pretty good for home users who need this to keep their kids from using Quicken or launching Internet Explorer and looking at bad Web sites."
Microsoft also may be trying to erase the perception that its software skimps on security. Windows operating systems have been hit by a variety of security issues over the years, and offering the highest possible verification technology may help ease the image of Windows as vulnerable.
"They've taken a lot of hits for security, and biometrics is a sexy security product," Prince said, noting that many companies will probably choose not to invest in pricey fingerprint verifiers and voice recognition software. "Companies still have to ask the question, 'Is the password good enough?' If the answer is yes, no one is going to put in retinal scanners."
Microsoft declined to specify when it will offer the technology. "We have heard from customers that they'd like to see this very soon," Boettcher said. "We're working to do that."