Biometrics Harden Passwords

Polysius Corp. keeps cement and minerals manufacturers in business with its specialty equipment parts for the large-scale factory environment. This subsidiary of ThyssenKrupp manufactures core proprietary elements and custom machinery. With just 150 employees in its Atlanta office, Polysius competes through sheer brainpower and efficiency.
By Jared Pfost, BioPassword November 1, 2007

Polysius Corp. keeps cement and minerals manufacturers in business with its specialty equipment parts for the large-scale factory environment. This subsidiary of ThyssenKrupp manufactures core proprietary elements and custom machinery. With just 150 employees in its Atlanta office, Polysius competes through sheer brainpower and efficiency. Research and development engineers innovate, production and manufacturing workers forge those designs into products, and business executives market and sell the products.

IT manager Jim Krochmal and his staff worried about insecurities of usernames and passwords that were standing between the bad guys and Polysius’ intellectual property. He knew that a simple case of credential sharing or password theft could compromise it all.

“We have confidential information and designs, as well as a lot of equipment and information in our environment that we want to protect,” Krochmal says. “But at the same time we want to make sure our people can be as productive as possible. I had been looking at two-factor authentication for several years, but it has always been relatively complex with certificates or other issues. It was hard to justify for our small environment.”

Then he read about the keystroke biometric authentication solutions offered by BioPassword Inc. The technology authenticates users based on the unique typing rhythms they use when keying in user names and passwords. Even if an intruder were able to steal a user’s credentials, he or she would be unable to log in because another typing pattern would not match the user’s profile.

An economical technology

Looking into the technology, Krochmal saw that it was cheaper and simpler than certificate- or token-based approaches. “BioPassword has lower complexity, lower installation costs, lower ongoing costs and the same effective security levels as the other choices for two-factor authentication,” he says. “I didn’t have to set up any fancy certificates, do any kind of user association and I didn’t have to buy extra hardware. It uses what’s already there.”

Plus, Krochmal found that BioPassword was able to support remote users and those connecting via Citrix and other thin-client applications.

The only disturbance during deployment was a period when users first created a biometric typing profile. “Now that everybody has gotten past that point, I don’t ever really hear about it,” he adds, after running BioPassword since spring, 2007.

He says that most users responded very positively. They didn’t need to tote tokens or Smart Cards from home to work; they only needed to keep entering their credentials as they always had done before.

The overall result is a much more secure authentication system that allows Krochmal to rest easier at night while keeping his bosses happy from a cost and ease-of-use perspective. “They’re pleased that it is in place,” he says, “and even more pleased that it is not interrupting production.”

Author Information
Jared Pfost is the vice president of security and product strategy at BioPassword.