RSA sharpens focus on password problem

RSA Security is renewing its focus on improving the security of user passwords with RSA Sign-On Manager, a rebranded version of...

RSA Security is renewing its focus on improving the security of user passwords with RSA Sign-On Manager, a rebranded version of its SecurID Passage product that the company claims will make it easier for enterprises to manage user passwords.

The relaunched product will be available in September and will be able to manage user log-ins for around 90 different enterprise applications using single sign-on technology licensed from Passlogix.

A new RSA technology called IntelliAccess will allow users to recover forgotten user names and passwords, saving expensive help desk calls.

Single sign-on technology allows organisations to simplify management of user access credentials. The products store credentials for multiple applications, then interact with those applications on behalf of users during login, allowing users to keep just one user name and password combination, rather than maintain a separate set of credentials for each network or web application they need to access.

The product will work with any x.509-standard digital certificate authority, as well as a wide range of RSA's two-factor authentication technologies, including RSA SecurID authenticators, RSA Smart Cards or USB (authenticators, as well as biometric identifiers, digital certificates and standard passwords.

Passlogix's V-GO SSO technology provides the single sign-on functionality. The Sign-On Manager joins that technology to strong authentication products, for organisations that want to simplify their users' online experience, but still maintain strict security around user access, said Phil Fulchino, director of product management at RSA.

The software-only product uses a Microsoft Windows XP and Windows 2000 client that authenticates the user at the desktop and manages access to network and web applications.

A separate Sign-On Manager server stores user credentials and authentication policies for the applications under management, periodically updating the Sign-On Manager clients. The server runs on Windows 2003 machines. A version for the Sun Microsystems Solaris environment is also due soon.

The Sign-On Manager's IntelliAccess feature allows users to retrieve forgotten sign-on credentials, even when disconnected from the Sign-On Manager server, by providing unique, identifying information at the desktop, which is checked against credential information stored securely on the client.

Management features also make it easier to maintain strong security for network- and web-based applications by allowing administrators to schedule automatic password updates for their applications. Those passwords and updates are managed by Sign-On Manager.

The Sign-On Manager is being beta-tested now and is scheduled for release in September and will cost around $89 for a single user licence.

Paul Roberts writes for IDG News Service

Read more on PC hardware