Other highly touted security technologies continue to evolve, but at a pace that's too slow for most IT managers. And the newer technologies have flaws of their own.
For example, smart cards aren't widely deployed but are frequently used in highly secure installations. Earlier this year, however, the smart-card readers at the Department of Defense were breached by malware that sniffed the PINs on smart cards. "It was kind of like protecting a nuclear facility with a house key," says Maler.
Nor has biometrics taken off -- yet. The most extensive deployment of biometric technology is in fingerprint readers on Lenovo ThinkPads, which SBLI used for a while. It was a cool feature until the sensors got dirty and it started taking six swipes before the system recognized the user's fingerprint, according to Capizzi.
"Some people said it worked great, but others found it more annoying than typing in a password," he says, noting that the readers also made the laptops more expensive. "From a corporate perspective, I'm not sure biometrics is there yet."
Nevertheless, the retail industry IT executive says he plans to investigate biometrics for a legacy point-of-sale system that can't be integrated with Active Directory. "Our salespeople aren't assigned to a register. Instead, there are multiple POS terminals throughout the store, so they're logging in and out often." He says he'd like to retrofit the POS terminals so employees can access the system with the tap of finger, noting that it would be an improvement over users mistyping passwords or forgetting them altogether.
Security consultant Ponemon holds some optimism for biometrics -- although he chuckles at instances like the botched Department of Homeland Security installation at the border crossing at Nogales, Ariz., where the scanner was installed upside down and failed everyone who tried it. "Implemented correctly, some biometrics systems are really cool," he says. "The Israelis have created very robust voice-recognition tools that can determine identity within a nanosecond."
He says he believes that voice recognition tools will be more viable than facial recognition, fingerprint or iris scanning systems. "People are too nervous" about having their eyes scanned, he points out.