If your laptop has a fingerprint reader installed in it, there’s a decent chance you can set it up very easily in Ubuntu to login and [gk]sudo. Since the manpage isn’t particularly helpful, I’ll guide you through setting it up with the ThinkFinger library, which is compatible with most popular readers installed in Lenovo/Thinkpads, Dells, and Toshibas.
Now you can log in by swiping your finger at the password prompt, and more usefully in my opinion, swipe your finger instead of entering the root password at terminal and graphical password prompts. This is one of those little things that, once you get used to it, is hard to ever live without. Check it out:
By the way, while there may be valid security concerns with fingerprint readers, don’t listen to the critics who say you can just breathe on it to get a swipe. 2D fingerprint scanners may work this way, but laptop fingerprint readers take a reading in both space and time. Try using tf-tool –verify and finding out for yourself; you can blow and breathe on your fingerprint reader all day without getting it to even recognize a scan, let alone a failed one.
- Install the necessary libraries: sudo apt-get install thinkfinger-tools libpam-thinkfinger
- Integrate thinkfinger with PAM (Pluggable Authentication Modules): sudo /usr/lib/pam-thinkfinger/pam-thinkfinger-enable
- Now acquire your fingerprint: run tf-tool –acquire. If you get an error here (not a failed swipe, you just need to swipe better), running it with sudo might be necessary. If you still get an error that thinkfinger can’t interact with your reader, it probably isn’t supported, sorry! Otherwise, keep swiping your finger until you get two successful swipes.
- Finally, make sure it worked: run tf-tool –verify and swipe your finger. Try this a few times, and if it doesn’t have a good success rate, do another acquire (the previous step), perhaps slower and more intentionally.
Now you can log in by swiping your finger at the password prompt, and more usefully in my opinion, swipe your finger instead of entering the root password at terminal and graphical password prompts. This is one of those little things that, once you get used to it, is hard to ever live without. Check it out:
By the way, while there may be valid security concerns with fingerprint readers, don’t listen to the critics who say you can just breathe on it to get a swipe. 2D fingerprint scanners may work this way, but laptop fingerprint readers take a reading in both space and time. Try using tf-tool –verify and finding out for yourself; you can blow and breathe on your fingerprint reader all day without getting it to even recognize a scan, let alone a failed one.
Thanks so much, Jose.
Ryan: yeah, Dell is doing a pretty slick job of properly supporting Ubuntu. As a result I am on an M1330 right now (though not with Ubuntu pre-installed, this was a refurb).
crashsystems, Aigarius: if someone has a copy of my fingerprint, then they basically have a copy of my password. It wouldn’t surprise me if that works. So does having a copy of your text password, which I could get much easier than a scan of your fingerprint, just by looking over your shoulder.
Dread Knight, that will take care of logging in via fingerprint, but won’t help for those times when you have to type in your password once logged in, such as terminal and graphical sudos including updates. This is really the main feature IMO.
Works good in combination with auto-logic in my Kubuntu Jaunty :P
When I ran “lsusb” I saw:
Bus 005 Device 002: ID 08ff:2580 AuthenTec, Inc. AES2501 Fingerprint Sensor
I guess this “thinkFinger” program only works with “Thomson Microelectronics”. I hope someone will come up with a unified framework for these kinds of readers.
Of course, an attacker using such techniques is going to be more than just some random person who walks by your laptop and decided to mess with it. This means that they are after data on your laptop, and not having the fingerprint reader would not be a deterrent to them. Against such attacks, only good crypto can keep you safe, such as encrypted LVM or Jaunty’s upcoming encfs encrypted home feature.
Very slick.