Consistent treatment of user authentication across
applications and automated procedures for lost passwords are two of
the big attractions of RSA Security's new Sign-On
Manager.
For the first time, the new authentication platform combines
single sign-on with RSA’s two-factor identification - the user must
know a password and provide some other identification such as a
token that they hold.
Two-factor authentication mitigates the widely perceived risk
that single sign-on offers “the keys to the kingdom”, according to
RSA business development manager Mark Pullen.
Pullen said that IT applications typically varied in the
policies they adopted for authentication. Sign-On Manager maintains
a single authentication policy on a central server, with interfaces
to the most widely used applications. Pullen said RSA currently had
“hooks” for 90 applications, running on mainframe, Windows and
Unix/Linux.
RSA’s IntelliAccess technology mitigates the lost password or
lost token headache, which consumes much of the typical helpdesk's
time.
A user who has forgotten a password or mislaid a token is asked
a random selection of questions, typically three out of a
predefined database of 20 questions and answers, although the
number is set as part of the security policy. The right answers get
the user emergency access until the longer-term problem can be
fixed - perhaps just by finding a mislaid token.
Stephen Bell writes for Computerworld