From Security to Convenience
Fingerprint Reader Market Focus Shifts From Security for
Enterprise to Convenience for Consumers
Enterprise to Convenience for Consumers
By Roger L. Kay
In the past 18 months, security peripherals vendors have begun to notice a change in buying
patterns. Essentially, fingerprint readers, which first came to market as an esoteric way for
enterprise users to log into their notebooks securely, have started to garner mass appeal from
consumers. Along with this shift in customer base, the reason buyers are adopting readers has
changed, at least in emphasis. While the security of readers is improving all the time, one of
their chief benefits is convenience, which turns out to be more of a selling point among the
general public.
Over the past eight years, the personal computer industry has adopted embedded hardware
encryption in the form of a dedicated security chip as a standard and has equipped many
systems, particularly commercial notebooks, with fingerprint readers to take advantage of this
internal encryption. Early grand plans to create an all-singing, all-dancing secure network of
trusted machines broke down in the face of marketplace anarchy. To build such delicate castles
in the sky, everyone had to cooperate, and that type of teamwork was hard to come by. So,
vendors generally fell back on applications that could be done by a single machine: file and
folder encryption (for privacy and security), user authentication to the machine (for security), and
password management (for security, but perhaps to a greater degree for convenience).
A password manager is a software application that figures out when someone is trying to enter
a user name and password and offers to memorize them and replay them whenever that page
comes up again. Logins for the system itself, for special applications like email, and for secure
Websites, can be stored safely and recalled with the mere swipe of a finger over the little silicon
fingerprint reader embedded in the notebook case.
If you’re anything like me, you have dozens of passwords, and remembering them can be a real
headache. So, in addition to protecting sensitive data from attack, a fingerprint reader tied to an
encryption mechanism is a handy way to access important information without having to deal
with passwords. The temptation to use a weak password just because it’s memorable fades
away. The user enters a strong password once, registers it to the fingerprint software, and
forgets about it.
This capability is particularly convenient for those sites that require a password but aren’t
particularly sensitive. Online subscriptions come to mind. Since the sites are pay for play, they
need to restrict access, but if someone “broke in,” the world wouldn’t end. Entering a password
is mostly a burden for the subscriber, who just wants to read his or her news. Fingerprint-driven
password-management programs really shine in these circumstances.
Recast
Two years ago, Endpoint put out a report forecasting the growth in the fingerprint reader market
(see The Visible Face of PC Security (http://www.ndpta.com/Fingerprint.html). Owning up to the
truth, we said the worldwide market would grow to 38 million units in 2007. Well, looks like it
grew to only 19 million in 2007. So, we were off by, oh, a mere 100%. But what are few points
among friends?
What’s behind this barn-door miss is easy enough to see. In 2005, only 4 million fingerprint
readers shipped. The market was quite new. The main assumption behind the old forecast,
put out in 2006 using 2005 data, was that fingerprint readers would track Trusted Platform
Modules (TPMs), those security chips going into most notebooks and some desktops these
days. In 2007, more than 100 million TPMs shipped.
This assumption was flawed because we believed that people would actually turn on and use
the TPMs, and a primary use would be to take input from fingerprint readers. The modules ship,
yes, but mostly they don’t do what they were designed to do. Lots of TPMs are out there — soon
Intel will ship TPM circuitry standard in its core logic, and even desktops will have them — but
most are dead silicon, doing nothing.
Now, it’s one thing to get a “free” TPM with your computer, but something else again to incur the
cost of a fingerprint reader if you’re not going to use it. Readers aren’t all that expensive.
Nowadays, the bill of materials for a reader can be denominated in single-digit dollars. But
nonetheless, OEMs have been cautious in putting readers on their notebooks, and PC buyers
have been slow to warm up to using them.
Nonetheless, the future is bright for fingerprint readers, which are supplied primarily by two
vendors, Authentec and UPEK. These firms also sell readers for embedded applications,
phones, and other markets, none of which are included in this forecast. So, forthwith a recast of
fingerprint readers shipped with PCs, this time with better trend data. Expect 26 million to ship
in 2008 and 85 million in 2012 (see Figure 1).
Figure 1
patterns. Essentially, fingerprint readers, which first came to market as an esoteric way for
enterprise users to log into their notebooks securely, have started to garner mass appeal from
consumers. Along with this shift in customer base, the reason buyers are adopting readers has
changed, at least in emphasis. While the security of readers is improving all the time, one of
their chief benefits is convenience, which turns out to be more of a selling point among the
general public.
Over the past eight years, the personal computer industry has adopted embedded hardware
encryption in the form of a dedicated security chip as a standard and has equipped many
systems, particularly commercial notebooks, with fingerprint readers to take advantage of this
internal encryption. Early grand plans to create an all-singing, all-dancing secure network of
trusted machines broke down in the face of marketplace anarchy. To build such delicate castles
in the sky, everyone had to cooperate, and that type of teamwork was hard to come by. So,
vendors generally fell back on applications that could be done by a single machine: file and
folder encryption (for privacy and security), user authentication to the machine (for security), and
password management (for security, but perhaps to a greater degree for convenience).
A password manager is a software application that figures out when someone is trying to enter
a user name and password and offers to memorize them and replay them whenever that page
comes up again. Logins for the system itself, for special applications like email, and for secure
Websites, can be stored safely and recalled with the mere swipe of a finger over the little silicon
fingerprint reader embedded in the notebook case.
If you’re anything like me, you have dozens of passwords, and remembering them can be a real
headache. So, in addition to protecting sensitive data from attack, a fingerprint reader tied to an
encryption mechanism is a handy way to access important information without having to deal
with passwords. The temptation to use a weak password just because it’s memorable fades
away. The user enters a strong password once, registers it to the fingerprint software, and
forgets about it.
This capability is particularly convenient for those sites that require a password but aren’t
particularly sensitive. Online subscriptions come to mind. Since the sites are pay for play, they
need to restrict access, but if someone “broke in,” the world wouldn’t end. Entering a password
is mostly a burden for the subscriber, who just wants to read his or her news. Fingerprint-driven
password-management programs really shine in these circumstances.
Recast
Two years ago, Endpoint put out a report forecasting the growth in the fingerprint reader market
(see The Visible Face of PC Security (http://www.ndpta.com/Fingerprint.html). Owning up to the
truth, we said the worldwide market would grow to 38 million units in 2007. Well, looks like it
grew to only 19 million in 2007. So, we were off by, oh, a mere 100%. But what are few points
among friends?
What’s behind this barn-door miss is easy enough to see. In 2005, only 4 million fingerprint
readers shipped. The market was quite new. The main assumption behind the old forecast,
put out in 2006 using 2005 data, was that fingerprint readers would track Trusted Platform
Modules (TPMs), those security chips going into most notebooks and some desktops these
days. In 2007, more than 100 million TPMs shipped.
This assumption was flawed because we believed that people would actually turn on and use
the TPMs, and a primary use would be to take input from fingerprint readers. The modules ship,
yes, but mostly they don’t do what they were designed to do. Lots of TPMs are out there — soon
Intel will ship TPM circuitry standard in its core logic, and even desktops will have them — but
most are dead silicon, doing nothing.
Now, it’s one thing to get a “free” TPM with your computer, but something else again to incur the
cost of a fingerprint reader if you’re not going to use it. Readers aren’t all that expensive.
Nowadays, the bill of materials for a reader can be denominated in single-digit dollars. But
nonetheless, OEMs have been cautious in putting readers on their notebooks, and PC buyers
have been slow to warm up to using them.
Nonetheless, the future is bright for fingerprint readers, which are supplied primarily by two
vendors, Authentec and UPEK. These firms also sell readers for embedded applications,
phones, and other markets, none of which are included in this forecast. So, forthwith a recast of
fingerprint readers shipped with PCs, this time with better trend data. Expect 26 million to ship
in 2008 and 85 million in 2012 (see Figure 1).
Figure 1
A Quick Swipe and You're In
 |
| |
 |
A Real Market Takes Shape
The essential optimism of this forecast is based on the fact that people have been responding
to the convenience aspect of fingerprint readers, and vendors are giving them more reasons all
the time to sign on. Newer hardware is more durable and better looking. The software interface
is maturing, making it easier for a user to understand the functions, set up and store secure
passwords, and use the reader to log in.
And the number of Web-based services that make use of fingerprint authentication is
increasing, while new software makes Internet commerce more secure and convenient.
Services like RSA SecurID, a two-factor authentication technology, now uses fingerprint input as
one of the factors, enabling users to dispense with having to carry around a physical token to log
in. SecurID allows workers in the field to safely log into their corporate networks and
consumers to conduct safe purchases from cooperating Websites. Software like WinMagic
allows users to encrypt their hard drives using only their fingerprint as input. And attractive new
hardware like UPEK’s Eikon reader lets even PCs without an embedded reader take advantage
in this proliferation of security-oriented software and services.
Momentum behind readers is only increasing. Recently, UPEK put out external readers for
Macs. And new highly mobile form factors like Mobile Internet Devices (MIDs) will be connected
to the network most of time and will need security as more interactions involve the transfer of
money and valuable information. As phones migrate into this network, often used as electronic
wallets, people will get used to using readers as a primary way to access their services
securely and conveniently.
There was a time when only criminals were fingerprinted, but this stigma has largely faded as
we now wish to be known as who we are. My fingerprint identifies me and ensures that no one
else can appropriate the things to which I have a right: my money, my secrets, my data. And yet,
my finger is always attached to me, and I never forget it when I go out. Security and convenience
in one little package. It’s obvious.
© 2008 Endpoint Technologies Associates, Inc. All rights reserved.
The essential optimism of this forecast is based on the fact that people have been responding
to the convenience aspect of fingerprint readers, and vendors are giving them more reasons all
the time to sign on. Newer hardware is more durable and better looking. The software interface
is maturing, making it easier for a user to understand the functions, set up and store secure
passwords, and use the reader to log in.
And the number of Web-based services that make use of fingerprint authentication is
increasing, while new software makes Internet commerce more secure and convenient.
Services like RSA SecurID, a two-factor authentication technology, now uses fingerprint input as
one of the factors, enabling users to dispense with having to carry around a physical token to log
in. SecurID allows workers in the field to safely log into their corporate networks and
consumers to conduct safe purchases from cooperating Websites. Software like WinMagic
allows users to encrypt their hard drives using only their fingerprint as input. And attractive new
hardware like UPEK’s Eikon reader lets even PCs without an embedded reader take advantage
in this proliferation of security-oriented software and services.
Momentum behind readers is only increasing. Recently, UPEK put out external readers for
Macs. And new highly mobile form factors like Mobile Internet Devices (MIDs) will be connected
to the network most of time and will need security as more interactions involve the transfer of
money and valuable information. As phones migrate into this network, often used as electronic
wallets, people will get used to using readers as a primary way to access their services
securely and conveniently.
There was a time when only criminals were fingerprinted, but this stigma has largely faded as
we now wish to be known as who we are. My fingerprint identifies me and ensures that no one
else can appropriate the things to which I have a right: my money, my secrets, my data. And yet,
my finger is always attached to me, and I never forget it when I go out. Security and convenience
in one little package. It’s obvious.
© 2008 Endpoint Technologies Associates, Inc. All rights reserved.
