Two-factor ID is higher security, says RSA

By Stephen Bell

RSA Security Inc. is holding out consistent treatment of user authentication across applications, and automated procedures for the troublesome problem of lost passwords, as two attractions of its new Sign-On Manager.

The new authentication platform for the first time combines single sign-on with RSA's two-factor identification -- the user must both know a password and provide some other identification such as a token that they hold.

Two-factor authentication mitigates the widely perceived risk that single sign-on offers "the keys to the kingdom," says RSA's Australia/New Zealand business development manager Mark Pullen; that once one authentication barrier is passed, the user can do anything on a wide range of applications.

Applications typically vary in the policies they adopt for authentication, Pullen says. Sign-On Manager maintains a single authentication policy on a central server, with interfaces to the most widely used applications. Currently the company has "hooks" for 90 applications, running on mainframe, Windows and Unix/Linux platforms, he says.

RSA's IntelliAccess technology mitigates the lost password or lost token headache, which consumes a lot of the time of a typical help desk. A user who has forgotten a password or mislaid a token is fed a random selection of questions, typically three out of a pre-prepared database of 20 questions and answers, "but the number is set as part of the policy". The right answers get the user emergency access until the longer-term problem can be fixed -- perhaps just by finding a mislaid token.