My Experience with HID DigitalPersona
After using HID DigitalPersona i log into my work system using my fingerprint rather than the old method of entering username and password …
Starting at $3.75 per user per month
View PricingOverview
What is HID DigitalPersona?
HID DigitalPersona (formerly Crossmatch) provides a comprehensive multi-factor authentication solution. The vendor’s value proposition is that their solution frees users from cumbersome login activities while making it easy for an IT Team to secure access to their networks, data and…
Recent Reviews
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Reviewer Pros & Cons
Pricing
HID DigitalPersona
$3.75
On Premise
per user per month
Entry-level set up fee?
- Setup fee required
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Product Details
- About
- Competitors
- Tech Details
- Downloadables
- FAQs
What is HID DigitalPersona?
The HID DigitalPersona multi-factor authentication software offers a new way to provide authentication services to users. Whereas traditional 2FA/MFA solutions are stuck on “what you have/what you know”, DigitalPersona leverages an array of authentication methods to access public and corporate network resources. Enterprise users can gain access to their cloud applications, such as Microsoft 365, VPNs, corporate networks, Windows desktops, and Citrix applications . Consumers can confirm their identity and authenticate transactions.
Balancing security and usability, HID DigitalPersona boasts one of the widest arrays of authentication factors in the industry. This includes one-time passwords, mobile-based push, smartcards, security keys, risk- and context-based methods, and biometrics, such as fingerprint, face, and behavioral keystroke.
HID DigitalPersona Competitors
- The Okta Identity Cloud
- Imprivata OneSign
- Idaptive Next-Gen Access (formerly Centrify)
HID DigitalPersona Technical Details
| Deployment Types | On-premise |
|---|---|
| Operating Systems | Windows |
| Mobile Application | Apple iOS, Android, Windows Phone |
| Supported Countries | Most Countries except companies included in US Embargo |
HID DigitalPersona Downloadables
Frequently Asked Questions
HID DigitalPersona (formerly Crossmatch) provides a comprehensive multi-factor authentication solution. The vendor’s value proposition is that their solution frees users from cumbersome login activities while making it easy for an IT Team to secure access to their networks, data and applications.
The Okta Identity Cloud and Imprivata OneSign are common alternatives for HID DigitalPersona.
Reviewers rate Usability and Support Rating and Implementation Rating highest, with a score of 9.
The most common users of HID DigitalPersona are from Mid-sized Companies (51-1,000 employees).
Comparisons
Compare with
Reviews and Ratings
(173)Attribute Ratings
Reviews
(1-4 of 4)Companies can't remove reviews or game the system. Here's why
February 20, 2024
Easy Biometric Secure Login
We are using HID DigitalPersona primarily for multifactor domain authentication on workstations across our entire organization and are using it a little bit for password management. With this, it allows very quick access to our desktops without compromising the complexity of our passwords. It also cuts down on the IT department constantly having to reset forgotten Active Directory passwords and saves time when it comes to resetting their own forgotten passwords to websites and applications.
- Extremely good at domain authentication
- Extremely good at security
- Great at multifactor authentication
- Biometric authentication
- Password manager; credentials for websites must be set in IE, not Chrome or Firefox
- Nothing can be done about it, but you must understand Active Directory and Group Policy to use this product
- It is a little difficult to contact tech support but once you do, they are very good
- It couldn't calculate the ROI but certainly makes logins (domain and otherwise) MUCH faster while still allowing for complex passwords.
- Keeps IT department from constantly having to reset forgotten passwords.
- Not sure how to get a good metric on actual ROI but it does exist.
We haven't taken advantage of all HID DigitalPersona has to offer. We are looking forward to exploring other things we can take advantage of.
We use HID DigitalPersona to log into our Active directory accounts and even a shared Kiosk account. Even when logging into the shared account, the credentials of the persona accessing that account are logged. It has very flexible multifactor authentication. It has a very extensive list of authentication methods you can use (fingerprint, face, smart card, pin, OTP, etc.).
We use HID DigitalPersona password manager to log into our accounting and utility billing software if that is what is being asked. It is just password substitution, though. It just makes access easier, not necessarily more secure. We also use the password manager via biometric login to access our bank accounts and such.
Not using MS Azure AD other than for MS Office login, not using HID DigitalPersona for this other than for a simple password manager.
I haven't tried any other vendors.
16
Everywhere from upper management all the way down to our field crews.
1
General computer skills and familiarity with Active Directory Group Policy.
- Multifactor authentication
- Password managment
- Many multifactor options (face, fingerprint, PIN, etc)
- We just use it as designed. No innovation.
- Would like to be able to use it to log into local, non-web based apps
No
- Ease of Use
Needed to move to multifator authentication and very strong passwords, but wanted to make it as easy and smooth as possible for our end users.
Probably wouldn't change a thing. Digital Persona is a good fit for us.
April 12, 2019
DigitalPersona stands by their product and their level of support and quality of product is exceptional.
Digital Persona is used to speed up the login process for transactions processed by the application operators as well as to collect biometrics (fingerprint) for customers. In addition to that, in both (operator or applicant) processing of fingerprints, we use Digital Persona to store, match and compare fingerprints as to avoid fraud on the operator side and the applicant side.
- Digital Persona does particularly well on fingerprint matching to authenticate users' credentials via Fingerprint against Active Directory.
- Digital Persona does well on providing active directory tools for troubleshooting problematic fingeprints.
- DigitalPresona provides intuitive wizards for enrolling, re-enrolling and un-enrolling users' fingerprints from active directory.
- Digital Persona authentication process is quite fast. It takes less than 1 second from the time one captures the fingerprint to the time the user is authenticated.
- Digital Persona does not have a granular auditing method for generating reports of active users and the last time a specific user or users were last successfully authenticated or attempted to authenticate in active directory. This functionality can provide significant value to customers, especially for customers where the number of licenses ranks in the thousands. This would allow customers to revoke a license from users who do not use their fingerprint for authentication.
- Digital Persona does not have the ability to purge stale fingerprints to free up licenses that have been assigned to users who do prefer not to use their biometric login, users who have left the company or moved on to a different department. Having the ability to purge stale users' biometrics (and licenses) can potentially save customers licensing fees.
- Digital Persona does not have the ability to run reports for stored biometrics. It could potentially prove useful to be able to run reports of say 5000 users and have a breakdown of fingerprint quality spectrum. This could potentially alleviate administration overhead by identifying stored problematic low-quality fingerprints for users.
- Digital Persona should have its own GUI Based Administration Utility to have one central point of administration including identifying which accounts have not used fingerprint login as to free up unused licenses, license reporting and type of DigitalPersona Feature used.
Having multiple authentication methods provides wide versatility for the enterprise. A corporation can opt for using simply windows fingerprint logins, use API feature to capture fingerprints for applicants via web-based browser applications, use API to design custom windows applications and use API to authenticate users into the application itself as well as use the fingerprint reader to capture customer biometrics and use this to accomplish the desired software functionality.
We use several DigitalPersona features, Active Directory integration allows us to use Windows Biometric (Fingerprint) login on workstations where more restricted access is required.
We are using DigitalPersona to protect Windows based systems and in-house web-based Microsoft .NET applications. The DigitalPersona platform does extend to Unix/Linux but for our implementation requirements, we initially did not need their alternate solution but we now have a Unix/Linux implementation and having DigitalPersona's versatility paid off by allowing us to incorporate and extend the usage and close the gap between Windows & Unix Systems, allowing our applications to exchange biometric data between multiple platforms.
- For our situation, Digital Persona for processing applicants is not an option but a requirement. For the system operators DigitalPersona is also an auditing requirement and a necessity in order to automate processing of applicant transactions throughout the day.
- Digital Persona having joined forces or I should say, merged with Crossmatch has helped standardized the software engineering process for transacting applicants and authentication of operators as well as streamlined the software engineering effort required for performing fingerprint matching.
- Digital Persona has gone above and beyond in providing us customized support to allow us to tailor their software to our specific needs.
DigitalPersona initially had issues in the fingerprint quality aspect and live view functionality for capturing fingerprints. This was initially a setback when we had to use new SDKs(Drivers) for fingerprint readers we had already writing software for. Instead of DigitalPersona rewriting features and functionality already provided by Crossmatch, they started, in my opinion, from scratch and this created a delay in our software delivery process as it required hours of software engineering and testing.
Overall however, DigitalPersona's service and support at all levels, was exceptional. They stood by their product, supported us day after day and provided software engineering support every time it was requested.
4500
Unable to disclose the specifics functions due to security matters.
10
Software Engineers, System Engineers, System Administrators, Help Desk Support Engineers.
- Authenticating system operators into our management stations.
- Capturing customer biometrics for customized use.
- Application Authentication
- Fingerprint Matching
- Unable to disclose the specific methods we use the software for.
- Web Application credential biometric caching and authentication.
No
- Product Features
- Product Usability
- Product Reputation
- Prior Experience with the Product
- Vendor Reputation
- Existing Relationship with the Vendor
We purchased DigitalPersona primarily because it was the most familiar vendor and their hardware was already widely used in the technology industry.
I was quite pleased on the proof of concept and pilot phase when evaluating and selecting the vendor and hardware. Our company has had experience with Digital Persona vendor and other software and hardware vendors. Opting for going with DigitalPersona was the obvious choice as they are already an established vendor and they stand behind their hardware and software products.
- Implemented in-house
Yes
We used industry standard implementation process or our implementation, they were:
Development
QA
Integration Testing
System Testing (Stress Testing)
User Acceptance Testing
Production "Pilot"
Production Full Deployment
Change management was minimal
- We encountered typical software challenges when brewing our in-house software to interface with DigitalPersona API and Hardware.
- Driver issues which were later corrected with new driver releases tailored to address our specific problems.
Yes
Premium support is necessary as part of our ongoing customer support contract.
Yes
Understandably so, the troubleshooting spanned over a couple weeks but eventually the identified issues were resolved.
Last quarter of 2016 and we are currently working to reach out to Crossmatch again as part of a revamp to our software.
- Active Directory Authentication
- Fingerprint Enrollment
- Auditing and purging of seldomly used fingerprints
June 10, 2018
The Concept is Awesome, the Execution Not So Much
We use it across the whole organization. The idea was to use biometric ID rather than memorize and enter passwords in the many applications we use on a daily basis.
- The concept is great. A password vault that is managed using biometric identification. Users forget/lose passwords but not their fingers.
- The fingerprint reader is pretty accurate.
- They could definitely improve on how the software reads/detects log on screens. Some applications, legacy and web based, are difficult for DigitalPersona to pickup on.
- There could be improvements to the user interface. The new Altus interface is actually worse in many ways than the older DigitalPersona interface. For example the way the logons are listed in the program is very convoluted especially if you have multiple logons to the same application.
- They could better test software before releasing it. Our upgrade to Altus from DigitalPersona was terrible. The version we installed had so many flaws that I felt it should not have left beta testing. It broke a lot of the logon templates, some of the password change screens stopped working, some users lost logon data, etc. We are still dealing with the fallout from it. Possibly the worst upgrade I have been involved with in my 18 years of IT experience.
I would say estimate that it works well with about 70% of the applications we use. The 30% either does not work or works partially - the password change template may not work or it will fill in the data but user has to click submit, etc. We have not been successful in using it over VPN using fingerprints. You can use over VPN by typing in the master password as a workaround. It just seems like our most commonly used applications are the ones DigitalPersona has problems with, thanks Murphy.
- When we first got DigitalPersona 7(?) years ago, it was great. It wasn't perfect but it was better than anything else we had seen at the time. However the software just seemed to languish and not improve with time. In fact it got worse with Altus.
- Most of the users seem to like it... when it works. When a password change screen does not work correctly, it is time consuming to fix.
- If the user base is very tech savvy, you will get a slightly better ROI. When the average user flubs up a password change or gets a password reset, it requires some technical help to fix and thus time consuming at times. Some tech-challenged users have a hard time really understanding how DigitalPersona works and those users sap up a lot of resources.
We have not looked at anything else since we have been on DigitalPersona Altus. However with the recent troubles with Altus, I have started to look around.
Yes, AD integration is good and works mostly well. However we have 1-2% of users whose DP/AD is so corrupted that the only fix would be to delete their AD account and start from scratch. This was the last fix suggested by DP support after we tried every other fix they could think of. We have yet to do this fix so those users are not using DP at the moment.
Without getting too specific, we use this for about 30 applications. It works well on about half, and to VARYING degrees with the other half. It's a mix of local/server applications and web applications. When it works, it's a beauty.
- My experience is that most web based applications are the easier ones for DP.
- The admin console to program the signon templates is fairly easy to use.
I have not heard of any vendors directly supporting DP. But I'm not sure that this is a justified question as it is the duty of DP to be able to screen scrape this information and make it usable for us.
Due to their poor execution with new releases and just poor overall software management, I would recommend against implementing as a new install. For example, one of the nice things about their password change screens was that you would summarize the application password requirements and display it for the users. However in one of the releases last year, they stopped displaying that requirements field and replaced it with a generic secure password guideline checklist. So our users would follow that guideline, because of the way we had trained them over the years to follow the password rules that would display, and they would promptly get locked out the application. We have a legacy application which requires a 6 character password and that was promptly displayed until this "upgrade" came along and ruined it all.
300
Every department/role in our company.
4
IT staff
- It integrates with AD so people do not have to remember logon info nor type them in every time.
- It functions as a password vault and thus helpful with the many application logons that our employees use.
- It's great that it supports multiple logons for the same applications. We have employees that have different roles within the same application and thus they have different credentials.
No
- Price
- Product Features
- Product Usability
The concept of the password vault for "all" applications tied to a biometric reader was the ideal solution we were searching for.
I'm not sure we would have selected it any differently. DP had a great concept and a decent product at the time. I just didn't expect them to get worse over time.
- When the templates work and the password change hints were working, password changes were simple.
- It is difficult for some users to grasp the concept of how to use this application after a temporary password is assigned to them and the password screen is "locked".
June 05, 2018
Useful solution for beefing up security posture
We have been able to randomize most of our users' AD passwords so that they are more secure. Most users now authenticate using only their fingerprint.
Right now, only Windows authentication and 3rd party website logins.
- We have not done any integrations. We only use DP to authenticate to 3rd party websites.
- We have done as much integration as we plan on doing for right now.
None of the above
None, we do not have any integrations.
All users authenticate to Windows using biometric fingerprint readers. We also use password manager through the Altus console to authenticate to 3rd party websites. We have over 120 3rd party logins that we manage, so this solution saves us time logging in to 3rd party websites and applications, and also gives us a secure way to store passwords.
- Windows authentication
- Password management
- multifactor authentication
- We have issues with fingerprint misreads with our users who do not have as defined of a fingerprint
- We also have issues with the Agent not loading in Internet Explorer consistently on some workstations.
We have struggled to get it working with VPN due to the fact that VPN is mostly used on laptops. Getting the built in fingerprint reader on laptops to work with DP is shaky at best.
- Positive impact is for the users for which the solution works they love it and it saves them time.
- We don't have any benchmarks, but, anecdotally, users report that the solution saves them time logging into websites and frustration with managing passwords.
75
AD authentication, storing passwords and authenticating to 3rd party websites using fingerprint
1
Understanding of password management and SSO authentication, AD
- AD authentication
- Password management
- Authentication to 3rd party websites using fingerprint
- We use the standard functionality
- We don't have plans to expand the functionality in any way