Thinkpads Forum

Currently, in order to start my new T60p, I use the fingerprint reader and then have to enter a Windows password twice. Since this is such a PITA I have made the Windows password blank. When the T60p starts up from scratch, sleep or hibernate I swipe and hit enter twice. I noticed that Ctrl-Alt-Del is an alternate to fingerprint reader which leaves me uncomfortable without a real Windows password. Question: how to make the fingerprint reader get me "all the way in" so I can use a strong Windows password but not have to type it in all the time?

Check out this thread. I think it might answer most of your questions. It helped me setup my fp reader the way I wanted it. Just make sure that you either memorize or write down the passwords you choose. I chose cryptic passwords that I then memorized, but also wrote them down in a safe place without any reference to the computer. So, if anyone finds them, they have no idea what they are for. A couple of things I did not do of the steps indicated in the link, are disable USB support, and change the order of the boot priority (I did not move move the HDD0 to the top, I think) because I wasn't exactly sure of what they did. In any event, from power-on I now swipe my finger once.
Oh, one more thing, if you have a passphrase authentication for CSS, go into CSS, advanced menu (top left), manage security policies, policy manager will show up. Change the requirements for log on to Windows, unlock computer, log on to Rescue and Recovery, and Open password manager, accordingly. Note that this is only if you have passphrase authentication from CSS on top of Windows password.

http://forum.thinkpads.com/viewtopic.ph ... n+password

What's the point in choosing a difficult password when you can log all the way in with a fingerprint? You password doesn't leave a copy of itself every time it touches something. Biometrics are meant to be another layer of security in addition to other things.

I think you still need hard passwords because Ctrl-Alt-Del is still an option for login and/or in case the fingerprint reader is broken. The fingerprint reader bypasses the passwords but the user can opt to type in passwords and so could a thief.

delete the security center software.

the finger print reader 5 software should be enough for what you need to log into windows in one swipe.

DavidR wrote:I think you still need hard passwords because Ctrl-Alt-Del is still an option for login and/or in case the fingerprint reader is broken. The fingerprint reader bypasses the passwords but the user can opt to type in passwords and so could a thief.

That doesn't really matter. Even with a relatively simple password, as long as it's not strait from the dictionary, it would still likely take a while to crack. Where a fingerprint could be lifted and duplicated with just a few days work or less (as seen on Mythbuster, check youtube if you didn't see that episode).

So the bottom line is, with the only two options being fingerprint OR password, the fingerprint is likely the weakest point. Which is why it's best to use both.

af22 - have you actually deleted the software and just use FP reader?

acasto - my goal is to make my life easier (use finger print in lieu of passwords) while keeping my laptop safe from casual interlopers.

rmendoza - I read and followed much of the link but I still have to enter two passwords to get into my machine.

I'll keep plugging away...

yes, the security software is useless. It's only main purpose is to create the secured partition. The fingerprint software is standalone that works with the security center. You absolutely do not need the security center software for any purpose unless it's with work.

Everything still works with just the finger print software.

acasto wrote:

DavidR wrote:I think you still need hard passwords because Ctrl-Alt-Del is still an option for login and/or in case the fingerprint reader is broken. The fingerprint reader bypasses the passwords but the user can opt to type in passwords and so could a thief.

That doesn't really matter. Even with a relatively simple password, as long as it's not strait from the dictionary, it would still likely take a while to crack. Where a fingerprint could be lifted and duplicated with just a few days work or less (as seen on Mythbuster, check youtube if you didn't see that episode).

So the bottom line is, with the only two options being fingerprint OR password, the fingerprint is likely the weakest point. Which is why it's best to use both.

I think the fp reader is a reasonable compromise between convenience and security. I guess you are right that a fingerprint could be lifted and reproduced in just a few days... but, unless you are a very important person (I am not), I doubt that anyone will spend days following you, after having stolen your laptop, looking for that moment when you are going to throw away a soda can, so they can go to their lab and recreate the fingerprint, so they can in turn have access to your ssn, or some other plain confidential info. Or maybe I am just not important enough, so I don't think this will happen to me.

I get a request for a fngerprint when I boot, reboot or come out of sleep or hibernation. I still get two windows password pop ups after that. I must be doing something wrong!!