Tuesday, April 19, 2011

Thus Quoth the Token Nevermore

Traditional tokens are a dying breed

There is an oft-used phrase that a recent event is a 'sign of the times'. In 2011, though, technology has dictated the ringing of the bell announcing the dead - at least in terms of the traditional token. Gone are the days of the telltale SecurID key fob dangling from your house keys. The recent hacking of RSA exposed data that could ultimately compromise the security of the widely used SecurID token. In their defense, it's not the first time tokens have been attacked and, yes, compromised. Tokens are, in fact, still around. So why, you may ask, is this year different from previous ones?

Let us review:

  • During the 70's the 8 inch floppy was king
  • The 80's gave way to the 5 inch floppy disk & later, the 3.5 inch
  • The 90's took it a step further and gave us the CD, USB, and DVD for media alternatives
  • All hail, the Blu-ray of the new millennium


What this shows is that all things change. Nothing, especially where technology is concerned, is constant. Two-factor authentication is no exception. While two-factor authentication has seen improvements since the days of yore with complex and cumbersome challenge tokens, we're still relying on this antiquated technology in the majority of physical tokens today.

If you think that a solution is great only because it's stood the test of time longer than most, think again. Columbus thought that, and he ended up only 9,000 miles away from his goal. This sure isn't India...

The simple fact is there are several issues with physical tokens and the way they are, and continue to be, implemented. Some of these problems have been around for almost the entire 30 years we've been using them.

Here are a few examples:

  • Token deployment, even something as simple as issuing a SecurID token to an employee, is tedious and time-consuming, sometimes even relying on snail mail, which could take many months for distribution across an entire enterprise
  • Over 10% to 15% of tokens will be damaged, lost, or stolen every year
  • Barring all this, at best, a token's lifespan is 3 to 5 years
  • Users forget their tokens - even ones attached to key rings; contractors lose track of which token is for which client, adding more confusion
  • Physical token systems require updates, maintenance, re-synchronization, and replacement


To every problem, a solution exists. How can we, as a global enterprise, still be secure, yet use technology that is already in place? The answer is simple - and you already own it.

Enter: The Mighty Cell Phone.

SMS has been in use for years, but with the global community reaching well over 5 billion devices currently in use, it seems most of us have overlooked one thing SMS is good for: acting as an authentication token. A passcode is sent to your Droid phone, for instance, thus eliminating the need for a physical token. SMS alone is not the answer, though. SMS does, in fact, have its pitfalls. The real answer lies in the ability to create similar (or even better, stronger) security that is already inherent in devices we already predominantly use. Messaging delays, cellular dead zones, and network issues with your provider are actual issues you may very well face. I am certain that those who still wish to cling to an antiquated technology, such as key fob based tokens, are sure to use them as a rallying cry. At what point, though, do you stop bailing the sinking ship, and find a newer, better, stronger one?

Now Entering: MobilePASS.

MobilePASS by SafeNet is a technology that still uses the same methodology as tokens, that being a two-factor authentication system. It simply does it in a better way. With MobilePASS, there's no additional hardware to lug around with you, the technology is easily deployed (and, furthermore, managed), and the learning curve is non-existent. You do know how to download an app, don't you?

Strong encryption is still on the playing field. The tried and true two-factor authentication is still in the mix, yet the cumbersome, expensive, and dare I say, recently compromised hardware token, isn't.

"But what about my Windows Device?"

"There's an App for that".

In fact, not only is there an app for that old desktop of yours, but there's one for the iPhone, BlackBerry, Windows Mobile, Android, J2ME, and even out-of-band devices via SMS. Did I mention that it also covers Windows Server based platforms?

To log on to a secure network from a laptop, PC or even an iPad (with the right software installed, of course), users generate a One-Time Password (OTP for short) via the MobilePASS app on their phone, and then enter it in the login screen, thus creating a secure connection. Out-of-band delivery can also be granted via SMS or even email.

While MobilePASS by SafeNet is only one solution out there that utilizes cellular technology to end the need for the traditional token, this sort of solution is great for many reasons.

It is estimated that moving to an SMS-based method such as this can reduce the ongoing running costs of authentication by over a whopping 40 to 60 percent! Lower cost, higher convenience, and utilizing technology already in place.

SafeNet is a global solutions partner of NWN Corporation. As such, NWN can leverage this partnership to assist our clients in lowering their bottom line, ensuring the security of their infrastructure, and delivering the best technology-based solutions currently available.