This content has been marked as final. Show 6 replies
the UPEK reader is not portable, it's fixed to the machine, so this is to be expected.
if you want users to be able to roam between machines, you need to pick a token which supports portability, like a smart card, or password.
the design of the UPEK reader simply does not consider the fact that you might want to use the same credentials on multiple machines. TPM tokens suffer from the same limitation.
sorry, but that's just the way that particular hardware works.
Ok, so when user has configured the token "Upek Fingerprint Reader" can't logon in the same machine using the "Password only token".... this bring to us a problem because if the user need to make a logon in another machine that doesn't have the biometric sensor, he can´t.
correct - your user will need to have two ID's, one for the fingerprint and one for the password, or you could submit an FMR to create a dual factor token.
the risk of course is if the user has the choice, they will probably always pick password because it's easier, and the security will be dependent on the password (the lowest security token of the two).
what is FMR? and how i create a FMR to build a dual factor token??
an FMR is a "feature modification request" - I guess the best way to start that would be through your account manager. They will take your suggestion, flesh it out, and come back with either a proposal and cost, or roll it into the next product iteration if it's generally useful.
What about the backup password? When I played with the UPEK readers there was a backup password that I used all the time to log into the console on machines that did not have a UPEK reader.
Does the backup password not work preboot if you push the UPEK client files to a device that does not have a reader? This is one thing I did not try.