The standard process of using semi-permanent passwords to access applications is passé. That's the message at the RSA Conference in San Francisco.
Two security vendors this week announced new tokens, which are small pieces of hardware that users often carry on keychains to gain access to computers, often through a USB port. Tokens can issue one-time passwords that become invalid after a user accesses an application, or can contain user-authentication data as an enhancement or even replacement to passwords and user names.
RSA Security Inc. announced a new USB-enabled token, the SecurID SID800, which can store electronic credentials such as one-time passwords, digital certificates, and standard passwords. RSA also unveiled the SecureID SID700, which is 35% smaller than its well-known SecurID authenticator. RSA says it shipped its 20-millionth SecurID authenticator last quarter.
SecurID SID800 can be used for "strong authentication" (two or more ways of identifying a user) for RSA's Sign-On Manager identity-management application. A 64,000-smart chip sports enough room for up to seven digital certificates and three sets of username/password credentials. Pricing varies by quantities purchased, but the SecurID SID700 averages around $42 per device and the SecurID SID800 is priced around $50.
Strong-authentication competitor VeriSign Inc. announced that it will soon make available two new tokens. The company says it will offer a one-time password token with a total cost of operation per user of less than $10 a year. VeriSign also is releasing a dual-purpose USB authenticator with either 128-Mytes or 265-Mbytes of secure storage. The USB authenticators can be used to store one-time passwords, PKI credentials, and provide functionality similar to that of smartcards.
A survey released by RSA Security showed consumers are losing faith in traditional security measures. When asked if usernames and passwords provide enough protection for their personal information, 53% said no, compared with only 35% last year.