There's a number of ways to bypass the 'password' idea.
As mentioned above, you "can" have network access controlled by the
MAC address of the network card, but there are plenty of cards that
can have the MAC address reprogrammed by someone with the right
proficiency (i.e., an IQ above room temperature and a little asking
around of "hey, how do i reset the mac address on a ______ NIC?")
A good alternative option would be to use a biometric of some sort.
www.identix.com sells a variety of options for this:
Here is a USB based fingerprint scanner:
Here is a PC Card based fingerprint scanner:
And a parallel-port fingerprint scanner built into a keyboard:
Another keyboard option with a fingerprint scanner and optional
All of the above products are used with their software, which is
available for Windows, Novell, and WYSE, and with an SDK available for
creating software compatible with other operating systems [more info
on that is available on their site.]
They also have facial recognition software, with an SDK for creating
custom software (they do not provide a one-size-fits-all solution for
the facial recognition angle):
There are a number of other products on their site (software-wise)
that may suit your needs.
Another company would be Fingersec (www.fingersec.com) -- they provide
combination fingerprint/proximity card readers for security access
control, as well as OEM fingerprint recognition kits. Their "U are U"
product is a simple USB fingerprint recognition package for network
Ingersoll-Rand also has a biometrics division called "Recognition
Systems" (www.recogsys.com). They have products designed around hand
shape recognition instead of fingerprints.. at first glance, they
appear to be primarily geared towards physical access control versus
network access control, however.
I'd recommend looking into Identix for the best solution for your
needs, as they appear to focus more on the software access side of
biometric security versus the "only let this person through the door
into the building" sort.
While smart cards are one way to go, depending on the level of
security you desire (and the type of personnel you have working for
you and the type of people being allowed near workstations with
sensitive data) you may want to go with a fingerprint scanner. It's
technically possible to circumvent a fingerprint scanner with, for
example, some flexible glue and the actual person's finger (to make a
mold of their fingerprint, allow it to dry, and turn it inside out,
and use it like a biometric 'stamp',) but obtaining a "false
fingerprint" is easier said than done; anyone willing to stick their
finger in some glue would be just as willing to let someone else
borrow their smart card or use their network password.
Hope this helps!
Search terms used: