Overall Satisfaction with HID DigitalPersona (formerly Crossmatch)
In today's ever security conscious world we have too many usernames and passwords to manage. Our IT department wanted help the users in our organization stay secure. As many users without a security management system would just write down their passwords near their workstation, save a text document, or a spreadsheet, we knew we needed to provide an easy solution. We offered DigitalPersona to most of our organization, those that manage lots of logins and those that move around the organization often. This provided two solutions to us: One, eliminating unsecure password lists. Two, allowing faster processing of credentials via biometrics for those that enter passwords often.
- Easy for our users to register their fingerprints without IT hand holding. (Sorry for the pun).
- Fingerprint accuracy. We have never had any issues with accuracy.
- Some use the password manager without the biometrics as it is fully functional password manager without the authentication piece.
- I wish there was a way for DigitalPersona to recognize when a webpage has changed a header. As it works now if a login page address or header changes then DP doesn't know you have a saved password for the site. This requires editing the current entry or creating a new one.
- Not sure if this has been fixed in the most recent version, but we have had issues with deleting AD accounts before deleting the license and fingerprints associated with it. This resulted in the license being tied to a user no longer employed and no way to remove it without technical support.
- The newest version is slow to open the password manager.
We have taken advantage of the multiple use case support in DigitalPersona to allow users not just biometric authentication for PC logon, but to quickly logon to business critical applications and for various websites. We have several shared work spaces and allowing staff a quick and reliable method to quickly logon to PC and appropriate applications has been a great help. It has also helped with the varying requirements for password length or complexity that a variety of websites has since our users can use biometrics and not have to remember all these unique passwords.
Yes, we have benefited from the Microsoft Active Director integration. We simply assign users to our AD groups or GPO and they are asked to register their finger prints by the client. It is easy to manage and delete or reset finger prints from within Active Directory, so users never have to worry about getting locked out if they have problems with their prints.
A variety of websites, web apps, and our electronic medical records. With so many web applications and various requirements for unique passwords, having DigitalPersona track the user's logon information verse a separate password manager or sticky notes, has added a lot of peace of mind to IT staff. We don't have to worry about poorly stored passwords on notes or unsecured files.
We are not currently taking advantage of the multi-factor authentication with Azure AD. However it is a feature that we are glad is available if future projects expand our use of Azure or an Azure hybrid environment. Having an option that is already included with a product we own is always comforting, even if we are not using it yet.
- Increased security for entire organization.
- Ease of security management for users of multiple credentials.
- I wouldn't say we have seen a direct ROI but we have seen value in the purchase.
I don't recall the other products that we looked at when shopping, but we selected DigitalPersona for the suite of tools at a compelling price point. Having a robust solution that has met our needs was solution enough for us. It is not perfect but we have not found a better product that met our needs and budget.
We have a few users start with DigitalPersona and then stop using it. The cases generally involved 1 or 2 things. One, dry skin or smooth fingers have caused some problems with the readers detecting the user's finger print. When the reader became hard to use the user stopped using it. Two, users didn't need to login to a variety of systems. Users that don't enter credentials throughout the day didn't find much value in the system since they generally logged on in the morning and after lunch and that was all.