RSA Security Inc. is holding out consistent treatment of user authentication across applications, and automated procedures for the troublesome problem of lost passwords, as two attractions of its new Sign-On Manager.
The new authentication platform for the first time combines single sign-on with RSA's two-factor identification -- the user must both know a password and provide some other identification such as a token that they hold.
Two-factor authentication mitigates the widely perceived risk that single sign-on offers "the keys to the kingdom," says RSA's Australia/New Zealand business development manager Mark Pullen; that once one authentication barrier is passed, the user can do anything on a wide range of applications.
Applications typically vary in the policies they adopt for authentication, Pullen says. Sign-On Manager maintains a single authentication policy on a central server, with interfaces to the most widely used applications. Currently the company has "hooks" for 90 applications, running on mainframe, Windows and Unix/Linux platforms, he says.
RSA's IntelliAccess technology mitigates the lost password or lost token headache, which consumes a lot of the time of a typical help desk. A user who has forgotten a password or mislaid a token is fed a random selection of questions, typically three out of a pre-prepared database of 20 questions and answers, "but the number is set as part of the policy". The right answers get the user emergency access until the longer-term problem can be fixed -- perhaps just by finding a mislaid token.