My Experience with HID DigitalPersona
After using HID DigitalPersona i log into my work system using my fingerprint rather than the old method of entering username and password …
Starting at $3.75 per user per month
View PricingOverview
What is HID DigitalPersona?
HID DigitalPersona (formerly Crossmatch) provides a comprehensive multi-factor authentication solution. The vendor’s value proposition is that their solution frees users from cumbersome login activities while making it easy for an IT Team to secure access to their networks, data and…
Recent Reviews
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Reviewer Pros & Cons
Pricing
HID DigitalPersona
$3.75
On Premise
per user per month
Entry-level set up fee?
- Setup fee required
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Product Details
- About
- Competitors
- Tech Details
- Downloadables
- FAQs
What is HID DigitalPersona?
The HID DigitalPersona multi-factor authentication software offers a new way to provide authentication services to users. Whereas traditional 2FA/MFA solutions are stuck on “what you have/what you know”, DigitalPersona leverages an array of authentication methods to access public and corporate network resources. Enterprise users can gain access to their cloud applications, such as Microsoft 365, VPNs, corporate networks, Windows desktops, and Citrix applications . Consumers can confirm their identity and authenticate transactions.
Balancing security and usability, HID DigitalPersona boasts one of the widest arrays of authentication factors in the industry. This includes one-time passwords, mobile-based push, smartcards, security keys, risk- and context-based methods, and biometrics, such as fingerprint, face, and behavioral keystroke.
HID DigitalPersona Competitors
- The Okta Identity Cloud
- Imprivata OneSign
- Idaptive Next-Gen Access (formerly Centrify)
HID DigitalPersona Technical Details
| Deployment Types | On-premise |
|---|---|
| Operating Systems | Windows |
| Mobile Application | Apple iOS, Android, Windows Phone |
| Supported Countries | Most Countries except companies included in US Embargo |
HID DigitalPersona Downloadables
Frequently Asked Questions
HID DigitalPersona (formerly Crossmatch) provides a comprehensive multi-factor authentication solution. The vendor’s value proposition is that their solution frees users from cumbersome login activities while making it easy for an IT Team to secure access to their networks, data and applications.
The Okta Identity Cloud and Imprivata OneSign are common alternatives for HID DigitalPersona.
Reviewers rate Usability and Support Rating and Implementation Rating highest, with a score of 9.
The most common users of HID DigitalPersona are from Mid-sized Companies (51-1,000 employees).
Comparisons
Compare with
Reviews and Ratings
(173)Attribute Ratings
Reviews
(1-4 of 4)Companies can't remove reviews or game the system. Here's why
We currently use Digital Persona Altus in our enterprise environment with over 500+ computers and up to about 800+ users. We implement biometric (fingerprint) access for all computer authentication in the network and for some managed applications that require enhanced security measures. We are about to roll out token authentication for a few departments that are now requiring improved measures of secure access and authentication of users.
- Biometric Authentication - easy to set up and manage. Simple to deploy and enrollment of users.
- Managed Passwords - The ability to require specific applications to use two factor authentication or even fingerprint only is a very useful tool.
- Software OTP - The new features of Altus including the OTP tokens - for use with your mobile phone app is particularly handy.
- Licensing - We find that licenses are used or allocated for users that won't even use the Altus authentication, bring about wasted costs of excessive and unnecessary licensing.
- The biggest con so far has been the inability for technical support or the Crossmatch company to provide specific compatible hardware to use with the smart card or proxy authentication. We have yet to find a compatible solution to implement this and their support has been useless so far.
We haven't tested or used the features for VPN or cloud. We have found that the ease of use for Windows logon is a benefit for some of our less technical users. Facial recognition has been a blessing for those users that do not have fingerprints or a mobile device to use OTP.
We have greatly benefited from this feature, as we are a MS AD environment. Being able to successfully authenticate users using not only secure but different features depending on the work zone has helped a lot. Being able to provide two factor or even three factor in some instances to protect the user, machine and data is wonderful.
All our platforms are pretty much Windows 7 desktops, in-house applications, and some proprietary applications specific to a department. We also utilize the kiosk setup for public users for public information lookup. This allows the department users to log in with their credentials (fingerprints) to reset any software or windows for the general public or to reboot the machines, reducing the calls for IT to assist with lockouts.
We do not currently use Microsoft Azure Active Directory at this time. We have no comment for this topic.
- Positive impact would be the knowledge that our systems are safe from un-authorized users accessing certain programs or machines by using a shared or stolen password. By using biometrics we eliminate the sharing of passwords among users to ensure proper authentication and auditing of users.
No
- Price
- Product Features
- Product Usability
- Prior Experience with the Product
Testing and trialing other vendors.
No
We were having an issue with hardware tokens working with the system or not being compatible. Crossmatch went above and beyond to assist with testing vendor tokens for use.
- Enrolling new user credentials
- Installation of software on DCs and end user clients
- Setting up Kiosks
- Managed passwords for certain applications
Yes
for One Time Password use - mobile app
April 12, 2019
DigitalPersona stands by their product and their level of support and quality of product is exceptional.
Digital Persona is used to speed up the login process for transactions processed by the application operators as well as to collect biometrics (fingerprint) for customers. In addition to that, in both (operator or applicant) processing of fingerprints, we use Digital Persona to store, match and compare fingerprints as to avoid fraud on the operator side and the applicant side.
- Digital Persona does particularly well on fingerprint matching to authenticate users' credentials via Fingerprint against Active Directory.
- Digital Persona does well on providing active directory tools for troubleshooting problematic fingeprints.
- DigitalPresona provides intuitive wizards for enrolling, re-enrolling and un-enrolling users' fingerprints from active directory.
- Digital Persona authentication process is quite fast. It takes less than 1 second from the time one captures the fingerprint to the time the user is authenticated.
- Digital Persona does not have a granular auditing method for generating reports of active users and the last time a specific user or users were last successfully authenticated or attempted to authenticate in active directory. This functionality can provide significant value to customers, especially for customers where the number of licenses ranks in the thousands. This would allow customers to revoke a license from users who do not use their fingerprint for authentication.
- Digital Persona does not have the ability to purge stale fingerprints to free up licenses that have been assigned to users who do prefer not to use their biometric login, users who have left the company or moved on to a different department. Having the ability to purge stale users' biometrics (and licenses) can potentially save customers licensing fees.
- Digital Persona does not have the ability to run reports for stored biometrics. It could potentially prove useful to be able to run reports of say 5000 users and have a breakdown of fingerprint quality spectrum. This could potentially alleviate administration overhead by identifying stored problematic low-quality fingerprints for users.
- Digital Persona should have its own GUI Based Administration Utility to have one central point of administration including identifying which accounts have not used fingerprint login as to free up unused licenses, license reporting and type of DigitalPersona Feature used.
Having multiple authentication methods provides wide versatility for the enterprise. A corporation can opt for using simply windows fingerprint logins, use API feature to capture fingerprints for applicants via web-based browser applications, use API to design custom windows applications and use API to authenticate users into the application itself as well as use the fingerprint reader to capture customer biometrics and use this to accomplish the desired software functionality.
We use several DigitalPersona features, Active Directory integration allows us to use Windows Biometric (Fingerprint) login on workstations where more restricted access is required.
We are using DigitalPersona to protect Windows based systems and in-house web-based Microsoft .NET applications. The DigitalPersona platform does extend to Unix/Linux but for our implementation requirements, we initially did not need their alternate solution but we now have a Unix/Linux implementation and having DigitalPersona's versatility paid off by allowing us to incorporate and extend the usage and close the gap between Windows & Unix Systems, allowing our applications to exchange biometric data between multiple platforms.
- For our situation, Digital Persona for processing applicants is not an option but a requirement. For the system operators DigitalPersona is also an auditing requirement and a necessity in order to automate processing of applicant transactions throughout the day.
- Digital Persona having joined forces or I should say, merged with Crossmatch has helped standardized the software engineering process for transacting applicants and authentication of operators as well as streamlined the software engineering effort required for performing fingerprint matching.
- Digital Persona has gone above and beyond in providing us customized support to allow us to tailor their software to our specific needs.
DigitalPersona initially had issues in the fingerprint quality aspect and live view functionality for capturing fingerprints. This was initially a setback when we had to use new SDKs(Drivers) for fingerprint readers we had already writing software for. Instead of DigitalPersona rewriting features and functionality already provided by Crossmatch, they started, in my opinion, from scratch and this created a delay in our software delivery process as it required hours of software engineering and testing.
Overall however, DigitalPersona's service and support at all levels, was exceptional. They stood by their product, supported us day after day and provided software engineering support every time it was requested.
4500
Unable to disclose the specifics functions due to security matters.
10
Software Engineers, System Engineers, System Administrators, Help Desk Support Engineers.
- Authenticating system operators into our management stations.
- Capturing customer biometrics for customized use.
- Application Authentication
- Fingerprint Matching
- Unable to disclose the specific methods we use the software for.
- Web Application credential biometric caching and authentication.
No
- Product Features
- Product Usability
- Product Reputation
- Prior Experience with the Product
- Vendor Reputation
- Existing Relationship with the Vendor
We purchased DigitalPersona primarily because it was the most familiar vendor and their hardware was already widely used in the technology industry.
I was quite pleased on the proof of concept and pilot phase when evaluating and selecting the vendor and hardware. Our company has had experience with Digital Persona vendor and other software and hardware vendors. Opting for going with DigitalPersona was the obvious choice as they are already an established vendor and they stand behind their hardware and software products.
- Implemented in-house
Yes
We used industry standard implementation process or our implementation, they were:
Development
QA
Integration Testing
System Testing (Stress Testing)
User Acceptance Testing
Production "Pilot"
Production Full Deployment
Change management was minimal
- We encountered typical software challenges when brewing our in-house software to interface with DigitalPersona API and Hardware.
- Driver issues which were later corrected with new driver releases tailored to address our specific problems.
Yes
Premium support is necessary as part of our ongoing customer support contract.
Yes
Understandably so, the troubleshooting spanned over a couple weeks but eventually the identified issues were resolved.
Last quarter of 2016 and we are currently working to reach out to Crossmatch again as part of a revamp to our software.
- Active Directory Authentication
- Fingerprint Enrollment
- Auditing and purging of seldomly used fingerprints
We use it as a single authentication software across the entire organization.
- DigitalPersona provides fast and accurate support. When looking for a solution to a problem, their support team knows exactly who to engage with in order to give us our fastest results.
- Because the software is encrypted in our Active Directory, changing out a user to a new workstation is simple. We just install the software, and then re-add the users finger prints. All of their passwords are safely and securely stored and come right back once the user is identified.
- I tested the Altus product on the new Microsoft Surface keyboard with a finger print reader, and it does work.
- DigitalPersona Altus can make their renewal process better. Last time we had to renew, we did not get a notification to renew, and actually had to reach out to Crossmatch after we tried to get support and found out we were out of warranty. We would have easily paid our renewal, if we knew that the expiration was coming.
We mainly use this to log into our computers and websites.
We can change computers and because of the Active Directory integration we don't have to worry about losing our bio-metric history. It's all stored in AD securely.
We use DigitalPersona Altus to get into our main website, log into our timeclock website, access the myriad of other websites our staff needs to get into, etc.
- Our users needed a product just like DigitalPersona Altus, but all the other products we looked at saved all of the data to the local computer. Having a central storage location that is not saved on the local computer allows for simpler migration and that saves IT staff time.
We used to use the finger print readers that came on the Dell computers, but the Digital Persona finger print reader works much more accurately. I will say, it has a problem in direct sunlight, but other than that, it really works well.
35
It's really a crossfunctional group of people ranging from member facing to IT and Administrative support.
3
Knowing how to support the Microsoft Server environment and group policy is really the main technical part of the program you'll need to know to use it.
- Staff do not have to remember all of their passwords.
- When we reimage computers the passwords are remembered.
- Administrator accounts can be quickly and easily assigned to a different finger so when you are supporting a user you can just quickly sign in with that account and not have to type a password in front of them.
- We hope to be able to use the facial recognition availability in the Microsoft Surfaces at some point.
- Passwords
- Web add on for Chrome
- Loging into Windows
- Cannot get facial recognition working
June 10, 2018
The Concept is Awesome, the Execution Not So Much
We use it across the whole organization. The idea was to use biometric ID rather than memorize and enter passwords in the many applications we use on a daily basis.
- The concept is great. A password vault that is managed using biometric identification. Users forget/lose passwords but not their fingers.
- The fingerprint reader is pretty accurate.
- They could definitely improve on how the software reads/detects log on screens. Some applications, legacy and web based, are difficult for DigitalPersona to pickup on.
- There could be improvements to the user interface. The new Altus interface is actually worse in many ways than the older DigitalPersona interface. For example the way the logons are listed in the program is very convoluted especially if you have multiple logons to the same application.
- They could better test software before releasing it. Our upgrade to Altus from DigitalPersona was terrible. The version we installed had so many flaws that I felt it should not have left beta testing. It broke a lot of the logon templates, some of the password change screens stopped working, some users lost logon data, etc. We are still dealing with the fallout from it. Possibly the worst upgrade I have been involved with in my 18 years of IT experience.
I would say estimate that it works well with about 70% of the applications we use. The 30% either does not work or works partially - the password change template may not work or it will fill in the data but user has to click submit, etc. We have not been successful in using it over VPN using fingerprints. You can use over VPN by typing in the master password as a workaround. It just seems like our most commonly used applications are the ones DigitalPersona has problems with, thanks Murphy.
- When we first got DigitalPersona 7(?) years ago, it was great. It wasn't perfect but it was better than anything else we had seen at the time. However the software just seemed to languish and not improve with time. In fact it got worse with Altus.
- Most of the users seem to like it... when it works. When a password change screen does not work correctly, it is time consuming to fix.
- If the user base is very tech savvy, you will get a slightly better ROI. When the average user flubs up a password change or gets a password reset, it requires some technical help to fix and thus time consuming at times. Some tech-challenged users have a hard time really understanding how DigitalPersona works and those users sap up a lot of resources.
We have not looked at anything else since we have been on DigitalPersona Altus. However with the recent troubles with Altus, I have started to look around.
Yes, AD integration is good and works mostly well. However we have 1-2% of users whose DP/AD is so corrupted that the only fix would be to delete their AD account and start from scratch. This was the last fix suggested by DP support after we tried every other fix they could think of. We have yet to do this fix so those users are not using DP at the moment.
Without getting too specific, we use this for about 30 applications. It works well on about half, and to VARYING degrees with the other half. It's a mix of local/server applications and web applications. When it works, it's a beauty.
- My experience is that most web based applications are the easier ones for DP.
- The admin console to program the signon templates is fairly easy to use.
I have not heard of any vendors directly supporting DP. But I'm not sure that this is a justified question as it is the duty of DP to be able to screen scrape this information and make it usable for us.
Due to their poor execution with new releases and just poor overall software management, I would recommend against implementing as a new install. For example, one of the nice things about their password change screens was that you would summarize the application password requirements and display it for the users. However in one of the releases last year, they stopped displaying that requirements field and replaced it with a generic secure password guideline checklist. So our users would follow that guideline, because of the way we had trained them over the years to follow the password rules that would display, and they would promptly get locked out the application. We have a legacy application which requires a 6 character password and that was promptly displayed until this "upgrade" came along and ruined it all.
300
Every department/role in our company.
4
IT staff
- It integrates with AD so people do not have to remember logon info nor type them in every time.
- It functions as a password vault and thus helpful with the many application logons that our employees use.
- It's great that it supports multiple logons for the same applications. We have employees that have different roles within the same application and thus they have different credentials.
No
- Price
- Product Features
- Product Usability
The concept of the password vault for "all" applications tied to a biometric reader was the ideal solution we were searching for.
I'm not sure we would have selected it any differently. DP had a great concept and a decent product at the time. I just didn't expect them to get worse over time.
- When the templates work and the password change hints were working, password changes were simple.
- It is difficult for some users to grasp the concept of how to use this application after a temporary password is assigned to them and the password screen is "locked".