RSA Security is to offer businesses a range of lower
cost alternatives to traditional two factor authentication tokens,
in a move that could accelerate the replacement of passwords with
more secure forms of authentication.
At its annual user conference in San Jose, California, the
company announced a range of products that will reduce the cost of
deploying strong authentication by incorporating two factor
technology into mobile phones, laptop computers, memory sticks, and
desktop PCs.
Last year, Gartner predicted that passwords would reach the end
of their useful life by 2007, forcing businesses to move to two
factor authentication.
Companies have been slow to deploy the technology so far because
of its cost and complexity, but RSA claims that incorporating two
factor authentication into other devices will significantly reduce
the cost of deploying and managing two factor tokens.
“It will reduce the cost of acquisition because they are not
buying another device. But more importantly, it removes the cost of
managing another credential. By using a device that you have
already got, you take out a huge amount of complexity,” said John
Worral, RSA VP.
The initiative has attracted interest from firms including the
US oil company, Chevron, which embarked on an programme to replace
passwords for 70,000 employees worldwide with smart cards and RSA
smart tokens last year.
RSA was set to announce deals with a range of suppliers
including Microsoft, SanDisk, Motorola, Red Cannon and M-Systems,
which plan to incorporate RSA’s two factor authentication
technology into their software and devices, today.
RSA will also announce a Secure ID toolbar, that will plug into
web browsers to offer two factor authentication from a PC.
The technology is attracting interest from internet banks who
see it as a low cost alternatives to secure ID tokens for online
banking customers, and from businesses for securing portals used to
share information with their clients and partners, said RSA.
“We have a broadening profile for two factor authentication but
one size does not fit all. We need different approaches,” said
Worrall. “We think it will significantly increase the number of
people using something more than a password.”
RSA plans to offer software to banks that will allow them to
assess the risks of individual transactions, and tailor the level
of security required in each case.
For example, a bank might regard a password as adequate security
for checking a bank balance on line. But a large transfer out of an
account, could trigger additional security questions, or a call
from the bank to verify the transaction.
The announcement represents a shift in business strategy for the
firm, following its acquisition of Cyota, an online security and
antifraud specialist for financial institutions last month.