Eliminate the need for passwords

These days, companies take security concerns very seriously. Unattended terminals and compromised passwords are two of the most pressing problems. Although many software-based solutions are available, your security needs might require a hardware-based control system. If so, RF IDeas offers a solution: AIR ID. This proximity-activated identification system provides a new twist on an old theme: the use of security badges to access computers. AIR ID unlocks a workstation when it senses the user's badge.

AIR ID includes a base unit, a badge access card, and software to control the devices. A battery-operated badge access card sends a signal to the base unit, which connects to a component object model (COM) port on a Windows NT or Windows 95 system. This signal either automatically logs the user on to the workstation or unlocks a password-protected screen saver. When the user walks away from the terminal, the system automatically re-locks.

At first, I wondered why companies would need this product because users can already configure screen savers to activate automatically and use passwords to protect their systems. However, I realized that this product offers additional benefits. AIR ID can reduce the workload of staff members who are inundated with calls from users who want to reset their password. AIR ID can also thwart shoulder surfers who lurk behind users as they type their password.

Installation and Use
Installing AIR ID is simple. As Screen 1 shows, AIR ID provides a startup screen with easy-to-follow instructions. After you connect the base unit to the COM port, you install and configure the software on your NT system. To configure the software, you must first set the COM port number and a badge-sensing parameter. The badge-sensing parameter lets you program AIR ID to either poll continually for badge presence (which drains the battery more quickly) or poll only when a user presses a key or moves the mouse. You can also adjust the base-proximity range, which determines the distance at which the base unit locks or unlocks the system. This range is adjustable from 3' to 20'.

Adding users to the AIR ID system software is easy. You enter usernames, define addresses for the badge users, and set passwords for the accounts. AIR ID then synchronizes the parameters with the badge access card by writing authentication information directly into the access badge memory so the card can communicate with the base unit.

Pros and Cons
If you leave your AIR ID badge at home, you can still access the computer by entering a password. If you lose your badge, the systems administrator can remove that badge from the system. Because the badge doesn't identify the user (e.g., there is no name or photograph on it), a potential security violator won't know which workstation it unlocks. AIR ID also includes an audit log so that you can see the users who have accessed the system and any modifications they have made to the software.

AIR ID has a few drawbacks. First, you can't integrate the audit log into NT's event log. Second, you might experience interference if you use multiple units. For instance, if two people in adjacent cubicles use AIR ID, their access badge signals might get crossed. If this happens, you must adjust the distance parameter. Third, AIR ID can support only 10 badge users on each PC, which might not be sufficient for your system. Finally, AIR ID replaces the logon screen and NT's Graphical Identification and Authentication (GINA) library (i.e., part of the underlying authentication subsystem) to facilitate automatic system logons. If you use another third-party tool that replaces the GINA, that product won't operate properly.

A Slick Product
AIR ID can help control security and enforce company policies, especially if workstations are left unattended. However, if you consider this product, keep the nonintegrating audit log and 10 badge-user-per-PC limitation in mind.

AIR ID
Contact: RF IDeas 847-520-7900
Web: http://www.rfideas.com
Price: $295 per unit, $155 each additional badge
System Configuration: Windows NT 4.0 or Windows 95, 486 33MHz or better, Serial port