Consistent treatment of user authentication across applications and automated procedures for lost passwords are two of the big attractions of RSA Security's new Sign-On Manager.
For the first time, the new authentication platform combines single sign-on with RSA’s two-factor identification - the user must know a password and provide some other identification such as a token that they hold.
Two-factor authentication mitigates the widely perceived risk that single sign-on offers “the keys to the kingdom”, according to RSA business development manager Mark Pullen.
Pullen said that IT applications typically varied in the policies they adopted for authentication. Sign-On Manager maintains a single authentication policy on a central server, with interfaces to the most widely used applications. Pullen said RSA currently had “hooks” for 90 applications, running on mainframe, Windows and Unix/Linux.
RSA’s IntelliAccess technology mitigates the lost password or lost token headache, which consumes much of the typical helpdesk's time.
A user who has forgotten a password or mislaid a token is asked a random selection of questions, typically three out of a predefined database of 20 questions and answers, although the number is set as part of the security policy. The right answers get the user emergency access until the longer-term problem can be fixed - perhaps just by finding a mislaid token.
Stephen Bell writes for Computerworld