
How secure is the fingerprint reader?

Posted: Thu Aug 24, 2006 3:11 am
by goka
I'm trying to understand just how secure the FPR is. In the IBM white paper they say that...
"If the integrated fingerprint reader is not available, it is necessary to use the CSS administrative tool to change the policy with regard to the fingerprint reader. Once that is done, normal use can proceed without the fingerprint reader."
So if I break the FPR, I can still access the data only if I have the password? Doesn't that mean that the FPR really is just a convenient thing to log in to your computer, but that it is easy to just bypass it?

I don't know the different levels of security, but is a standard ThinkPad (w FPR) considered to be secure at "government level" or do you need complementary security products to achieve that?

Posted: Thu Aug 24, 2006 11:06 am
by DIGITALgimpus
The fingerprint scanner is mainly for convenience. Secure fingerprint scanners take several seconds to ID your finger. These will make an occasional error.

No security is foolproof. If you need real security, use a password that is at least 20 characters long and contains at least 2 of each: lowercase alpha, uppercase alpha, numeric, non-alphanumerical character. Also no words or abbreviations.

Posted: Fri Aug 25, 2006 1:17 am
by goka
So, for instance, SafeGuard Easy, with full encryption on the hard drive together with FPR isn't any safer than SafeGuard Easy together with a password?

The fact that you must have the correct fingerprint to access the computer is easy to go around?

If you're not using a security system that encrypts your hard drive, then the security is pretty low (non-existent), right? If your laptop got stolen, it's just a matter of booting it from an external drive I guess.

Posted: Fri Aug 25, 2006 6:33 am
by adrianlondon
The fingerprint scanner (on my X41, anyway) just seems to be a way of not having to type passwords.

When I "log in" to Windows, I scan my finger and, very briefly, the typical login box appears, with my password entered (shown by dots, but it's the correct number of dots corresponding to my password length).

So, I assume the fingerprint software just scans your finger, checks it against its database and, if it's a match, then looks up your password (hopefully encoded!) in its database and sends that to the O/S as if you'd typed it yourself.

In other words, the fingerprint scanner is a convenience, not a security tool.

If you're worried about data, encrypt it. I don't bother. I do, though, have the HD password set so that if someone grabs my ThinkPad they can't access any data on the HD without knowing that password. Even if they took the drive out.

However, there are companies (there must be, right?) who can hack past that.

Posted: Fri Aug 25, 2006 11:33 am
by littlesaint
"However, there are companies (there must be, right?) who can hack past that."
Anything encrypted has to be decrypted to be used. Anything that can be decrypted can be hacked...eventually.

Posted: Sun Aug 27, 2006 9:50 am
by quickie
"However, there are companies (there must be, right?) who can hack past that."
For data recovery companies it is very easy to get around the ATA HD password. I would not trust it for securing sensitive data.

Posted: Mon Aug 28, 2006 8:35 am
by simms
quickie wrote:
"However, there are companies (there must be, right?) who can hack past that."
"For data recovery companies it is very easy to get around the ATA HD password. I would not trust it for securing sensitive data."
It's a good thing that if my laptop ever gets stolen it's unlikely they'll be working for a data recovery company. ;)

But if the thief is actually smart, they could send it in on their own...but I don't see the thief paying $500 to recover the data that would otherwise be worthless to them...

Disabling fingerprint reader

Posted: Wed Sep 06, 2006 2:05 am
by Brian Wallen
I have a complementary question.

I don't want any device that can potentially block my access to my ThinkPad. Can I totally disable the fingerprint reader and its role in the access path to the hardware or OS access? I keep remembering hardware passwords which, if forgotten or corrupted, require replacing the motherboard.

Posted: Wed Sep 06, 2006 10:05 am
by ujav
quickie wrote: "For data recovery companies it is very easy to get around the ATA HD password. I would not trust it for securing sensitive data."
True, after a power failure my HDD set the password on itself.
I found a guy who cures that in a couple of seconds - with an engineer pass. He didn't even ask me for any documents.)

So the password that requires a change of mainboard is a good solution. Just try to remember it.)