There’s usually an inverse relationship between enterprise security and end user convenience. When you tighten security, it often means more hoops for users to jump through – more complex passwords to remember, more sign-ons to endure, more tokens or cards to carry. That’s when you end up with passwords on Post-its, completely defeating your attempts at stronger security.

Forget all that. Biometrics as a means of authentication has gotten so reliable and easy to implement that it is now a mainstream enterprise technology. This week I attended the Digital Identity Showcase hosted by UPEK and Pay By Touch, and I was able to put my finger on some interesting biometric solutions that are both convenient for the end user and highly secure.

UPEK is the developer of the biometric technology that uses a fingerprint to identify an individual. Pay By Touch is a partner company that has embedded UPEK’s technology into devices used in retail settings. In today’s article, I’ll focus on the state of the technology and next week, I’ll cover some of the myriad uses, including the Pay By Touch solution and several others.

Up until about a decade ago, fingerprint scanning technology was based on optics. This meant the scanners were large and the results of a scan were sometimes distorted, making the use of a solution based on optical scanning somewhat clumsy and unreliable. In the late 1990’s, a real breakthrough in technology took place. Silicon chip companies began to explore capturing fingerprint images on silicon. This technology uses capacitive sensing instead of light (optics), yielding high resolution and density in a fingerprint scan and resulting in a much more reliable and accurate identification of the individual. In addition, the size of the scanners shrunk to something small enough to fit on a cell phone or a USB thumb drive, and that’s where we are today.

Most if not all major notebook PC manufacturers now have models with embedded fingerprint scanners. Gateway, Dell, Toshiba, ASUS and Lenovo all use UPEK’s technology to add another layer of security to their notebooks, or to replace passwords all together.

The UPEK module includes the fingerprint sensor plus a separate security chip embedded in the notebook hardware. Together they can be used to do pre-boot authentication of the user. For example, before Windows will boot, the user has to swipe an enrolled finger across the sensor. The “template” of his fingerprint is compared to the master template stored in the security chip. If there is a match, the user is authenticated.

Linda Musthaler is a principal analyst with Essential Solutions Corporation.