RSA Security is to offer businesses a range of lower cost alternatives to traditional two factor authentication tokens, in a move that could accelerate the replacement of passwords with more secure forms of authentication.
At its annual user conference in San Jose, California, the company announced a range of products that will reduce the cost of deploying strong authentication by incorporating two factor technology into mobile phones, laptop computers, memory sticks, and desktop PCs.
Last year, Gartner predicted that passwords would reach the end of their useful life by 2007, forcing businesses to move to two factor authentication.
Companies have been slow to deploy the technology so far because of its cost and complexity, but RSA claims that incorporating two factor authentication into other devices will significantly reduce the cost of deploying and managing two factor tokens.
“It will reduce the cost of acquisition because they are not buying another device. But more importantly, it removes the cost of managing another credential. By using a device that you have already got, you take out a huge amount of complexity,” said John Worral, RSA VP.
The initiative has attracted interest from firms including the US oil company, Chevron, which embarked on an programme to replace passwords for 70,000 employees worldwide with smart cards and RSA smart tokens last year.
RSA was set to announce deals with a range of suppliers including Microsoft, SanDisk, Motorola, Red Cannon and M-Systems, which plan to incorporate RSA’s two factor authentication technology into their software and devices, today.
RSA will also announce a Secure ID toolbar, that will plug into web browsers to offer two factor authentication from a PC.
The technology is attracting interest from internet banks who see it as a low cost alternatives to secure ID tokens for online banking customers, and from businesses for securing portals used to share information with their clients and partners, said RSA.
“We have a broadening profile for two factor authentication but one size does not fit all. We need different approaches,” said Worrall. “We think it will significantly increase the number of people using something more than a password.”
RSA plans to offer software to banks that will allow them to assess the risks of individual transactions, and tailor the level of security required in each case.
For example, a bank might regard a password as adequate security for checking a bank balance on line. But a large transfer out of an account, could trigger additional security questions, or a call from the bank to verify the transaction.
The announcement represents a shift in business strategy for the firm, following its acquisition of Cyota, an online security and antifraud specialist for financial institutions last month.