Looking for a fingerprint reader recommendation that meets the following requirements:
- Can be used for logon with machines on domain (rules out MS Fingerprint Reader)
- Stores passwords for logon for web sites with IE and Firefox
- API support (for custom applications / reads)
- USB
Try Fingersec and secugen. I don't know about IE and Firefox, about others 3 reqs, it does.
If you're willing to consider alternatives to fingerprint readers, there's the YubiKey.
Paired with Rohos Logon Key and LastPass, it fulfills all your needs; awesomely even, I'd say :)
I really like the UPEK fingerprint reader. It's USB, can be used to store passwords for firefox and IE and it works really well. It has SDKs. It takes less than a second to authenticate to it. It works on the PC and Macs. On Windows, unlike other software I've used, you don't have to press ALT+CTRL+DEL (even when you're domain joined) to login/unlock with your finger. It looks pretty too. If all that wasn't enough... it's only like $45.
I know you said that the microsoft reader was out.... but I just want to underscore that I would really avoid that reader if you have anything remotely sensitive on your computer. It's really not secure at all.. even microsoft says on their product page to not use it for anything sensitive.
However, fingerprints are less secure than they're made out to be. Mythbusters did a segment on fingerprint hacking. While their experiments did span the course of three days... they still proved that with enough time a fingerprint is definitely hackable. If you need any degree of security, you're better off using a two factor authentcation: password + fingerprint.
Of course, if someone has physical access to your computer... it's pretty much already a moot point anyway....
I don't have a specific recommendation for a particular piece of hardware, because password storage for browsers is probably a software-based feature. Some vendors bundle software to perform this function, but I would make that a secondary consideration when you pick a reader.
When you evaluate, you should only consider devices that have been FIPS 201 certified.
Further, depending on what your company does and the sensitivity of the data, I would consider making fingerprints a second authentication factor. There have been numerous incidences where people have been able to fool this devices.
I like the U.are.U readers from digital persona. It's the only one I've programmed for. I've had some problems with installations and upgrades. But once you figure out what's going on it's very reliable.