Microsoft Fingerprint Reader/DigitalPersona 2.0.1: Serious Bugs

Microsoft Fingerprint Reader/DigitalPersona 2.0.1: Serious Bugs

Post by UGF1bCBDb2 » Thu, 12 Jul 2007 10:38:00


WinXP Pro SP2

New problems in version 2.0.1:

1. DigitalPersona does not always distinguish between different websites
hosted by the same service provider.

2. DigitalPersona often attempts to login to websites using the credentials
for a completely different website. This is easily spotted when you get a
dialog saying there is more than one account for this website (when there
isn't) and you can see from the account names they are for another website
altogether.

Notes:

A. At this time I am uncertain as to whether issue #2 is a result of an
error in the Import/Export functionality or an error in the product in
general.

B. There is no correlation between problem #1 and #2: when website
credentials are confused it is not because the websites are hosted by the
same provider.

C. Issue #2 may manifest as a spurious message to the effect that the
webpage has changed and the account needs to be resynchronized.

D. Issue #2 is potentially a serious breach of security, as more sensitive
username/ password combinations may be accidentally sent to less trustworthy
sites. This emphasises the need to restrict use of DigitalPersona to
websites such as discussion forums and not use it for sensitive sites such as
eBay, PayPal, your bank, etc, and to have different passwords for every site
you visit that are absolutely different from more sensitive passwords, such
as network logins.

Problems which continue from version 1.0:

3. DigitalPersona is unable to cope with variations of the login presented
by the same website without requiring separate logins to be defined for each.
This is especially problematic with Microsoft websites (!) and sites such as
Amazon where the variations on the login URL are effectively limitless and
change from session to session.

Other Comments:

DigitalPersona 1.0 crashes Internet Explorer 7.0 frequently, takes longer
and longer to operate as it is used, has no ability to backup credentials
(which may easily build up to hundreds of entries over time), and triggers
infrequent crashes of winlogon. Although these problems are resolved in
version 2.0.1, the new issues raised leave users caught between a rock and a
hard place.