Consistent treatment of user authentication across applications and automated procedures for lost passwords are two of the big attractions of RSA Security's new Sign-On Manager.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
For the first time, the new authentication platform combines single sign-on with RSA’s two-factor identification - the user must know a password and provide some other identification such as a token that they hold.
Two-factor authentication mitigates the widely perceived risk that single sign-on offers “the keys to the kingdom”, according to RSA business development manager Mark Pullen.
Pullen said that IT applications typically varied in the policies they adopted for authentication. Sign-On Manager maintains a single authentication policy on a central server, with interfaces to the most widely used applications. Pullen said RSA currently had “hooks” for 90 applications, running on mainframe, Windows and Unix/Linux.
RSA’s IntelliAccess technology mitigates the lost password or lost token headache, which consumes much of the typical helpdesk's time.
A user who has forgotten a password or mislaid a token is asked a random selection of questions, typically three out of a predefined database of 20 questions and answers, although the number is set as part of the security policy. The right answers get the user emergency access until the longer-term problem can be fixed - perhaps just by finding a mislaid token.
Stephen Bell writes for Computerworld