I've recently purchased an IBM Thinkpad that came with a fingerprint scanner. That got me thinking: are fingerprint scanners a good way to protect your code i.e. if someone takes your laptop or goes on your laptop while you're away, would they still be able to get in?
The question also applies for other biometrics techniques that the new Thinkpads have (iris scans, I believe).
Are there other ways of physically protecting your code?
I think you need to read the docs that come with the Thinkpad. On mine at least, they said NOT to use the fingerprint reader as the sole security measure but to use it in conjunction with passwords.
IBM (or Lenovo now) provide other security measures such as a BIOS password that's near impossible to get at once the machine has booted (the EEPROM holding the info is switched out of the address space) and hard disk passwords built into the actual hard disk so you can't just plug it into another machine.
Depending on how paranoid you are, you can use all these features.
Don't trust the fingerprint scanner. Biometrics are notoriously bad for false positives.
You probably want to use whole-disk encryption, or put all your code on a partition or usb key or something else that you can encrypt.
PGPDisk is a good free tool, though there are others. Protect it with a strong password or better, a password protected key on a separate token like a smart card.
If you really want to protect it that badly, you might want to consider putting it on an encrypted filesystem using TrueCrypt or something like it. Unless the Thinkpad encrypts your drive using a key derived from your biometric information (which would be insane in my opinion) it would be very easy to circumvent by moving the hard drive to a different computer.
Well fingerprints can be simulated with gummi bears. I'd say good encryption and some decently strong keys will be the best bet to protect your data.
There is only encryption.
Biometrics are simply an authentication mechanism and can't be used to protect code. If someone takes your computer and removes the hard drive, they can analyze it and take anything that isn't encrypted. You should try some of the various whole-disk encryption products that are available.
I guess what you really need is to protect your hardware (laptop, server room), for that you can you commom security techniques (locks, etc). Additionaly you could keep you code inside an encrypted folder. There are many tools for that too.
Don't take it in a laptop in the first place? Seriously, if you're really paranoid, even with drive encryption, if I steal your laptop then it's game over if the source is on it. Even encrypted, it's just a matter of a brute force attack. I have the laptop, I have all the time in the world. Don't put the source on the laptop, use a VPN and keep it at work.
We've been banned from using the current generation of biometrics installed on our Lenova systems - it's been deemed too weak. There's plenty of reading material on the web about its weaknesses.
Our domain enforces strong passwords (10> length, alpha upper/lower, numeric and symbol). Bitlocker secures the volume. When logging in over RAS we demand physical evidence in the form of a smartcard in addition to the regular username + password.
For extra high security systems such as our internet facing servers we add key fob one-time generators too.
You could install a trapdoor underneath your developer chair. It will be triggered if the thief cannot recite the latest xkcd joke when he tries to boot your system. It will cast him into a bottomless pit. Or if you're cruel, the guy will land in a cellar where he will be forced to write vb macros for the office suite for the rest of his life.
if someone takes your laptop or goes on your laptop while you're away...
Always lock your computer when you're gone. And don't let any of your accounts (especially the admin one) have an empty password...
As for physically stealing, we've had a few laptops stolen. First, every employee now needs to take it home with them. Second, the front door needs a badge to get in.
If you really need to protect it, using Truecrypt will probably do the trick. Your data is then pretty damn safe.
Also, having your code only on your laptop would be a terrible idea, it's what source control is invented for ;)
Fingerprint reader wont protect your code. If someone wants it badly, they can just take our your hard disk, put it in their own PC and take ur data.
For me, notebook fingerprint readers are nothing more than a comfort, to avoid having to type a username/password
On a laptop I'd go for full drive encryption like TrueCrypt, protect you harddrive and the bios with a decent password and don't forget about the copy you stored on your USB-key that can be stolen too.
But before the laptop is gone, make sure you still have a safe and recent copy somewhere else.
A last comment: unless there's some IP related to the code, code is not worth that much. Understanding code you don't have written is a pain in the a** unless you wrote it for that purpose. And don't forget, even if it's stolen it's still yours - if your competitor got it, uses it and you can proof it - the law is on your side.
In GNU/Linux, you can also use encfs, which is a user-space encrypted file system that runs on top of FUSE.
It is very easy to use, just type in a terminal:
$ encfs ~/.encryptedstorage ~/path/to/seccure-code
And after following the directions. You'll have a secure-code directory where you can safely store all the source code you want to protect.
And you can combine it with sshfs to store files on a remote server, and then use the sshfs-backed file system as your encrypted storage. Using this method you can have all your source code files stored on a remote server, completely encrypted.
Someone once told me that having the competition steal your source code would be the best possible scenario. Their programmers will be busy reading your old code while you work on creating new features that are even better.
Fingerprint readers offer zero protection for stolen laptops. Why? Your fingerprints are all over the thing!
I thought Lenovo laptops now had Computrace Lojack for Laptops installed to trace laptops and save/delete data - see blog post: http://blog.absolute.com/lenovo-laptops-to-have-computrace-installed/
If you are running the correct version of Vista you could use BitLocker to encrypt the contents of the entire harddrive.
I would have made this a comment on @flower above but I don't have enough credits yet.