One-time passwords and token devices
One-time passwords are a good and relatively low-cost alternative. As the name suggests, each password is used only once; if the same password is presented again in a later login attempt, the subject is rejected.
The tokens are small devices that are synchronised with the authentication server system to issue the user with a password when a button is pressed on the device.
One-time passwords are an excellent choice if one is concerned about keyloggers or spyware infections that may be collecting data from compromised machines. Another benefit of one-time passwords is that they can stop identity fraud occurring within the organisation.
Vasco Data Security shipped us a copy of its Radius server middleware and one of its token devices.
Vasco has managed to include two-factor authentication with the tokens by having the user input a static PIN first, such as 1234 (something they know), and then the one-time password supplied by the token (something they have). With this scheme, the login would look like 1234 followed by the code on the token.
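The server-side check for the "PIN followed by token code" response described above, as an added example that is not Vasco's code. The page does not say which algorithm the token uses, so the open HOTP algorithm (RFC 4226) stands in for it; the `TokenAccount` class, the PIN, the look-ahead window and the seed (the RFC 4226 test key) are assumptions.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class TokenAccount:
    """Server-side record for one user's token (hypothetical, constructed values)."""

    def __init__(self, pin: str, secret: bytes, window: int = 5):
        self.pin = pin          # static PIN; a real server would store a salted hash
        self.secret = secret    # seed shared between token and server
        self.counter = 0        # lowest counter value the server still accepts
        self.window = window    # look-ahead for button presses never submitted

    def verify(self, response: str, digits: int = 6) -> bool:
        """Check a 'PIN + one-time password' response such as 1234755224."""
        pin, otp = response[:-digits], response[-digits:]
        pin_ok = hmac.compare_digest(pin.encode(), self.pin.encode())
        matched = None
        for c in range(self.counter, self.counter + self.window + 1):
            if hmac.compare_digest(hotp(self.secret, c, digits).encode(), otp.encode()):
                matched = c
                break
        if not pin_ok or matched is None:
            return False
        # Move past the matched counter: this code and every earlier one is now
        # dead, so a password captured by a keylogger cannot be replayed.
        self.counter = matched + 1
        return True


if __name__ == "__main__":
    account = TokenAccount(pin="1234", secret=b"12345678901234567890")
    print(account.verify("1234755224"))   # first use of the code
    print(account.verify("1234755224"))   # same response replayed
```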
There are also options to interface with Web-based logons, Citrix, Lotus/Domino, Windows, and Novell.
RSA, Verisign, and Giesecke & Devrient also supply one-time password generating token devices.
| Vendor | LM Gemplus |
|---|---|
| Web | www.lmgemplus.com |
| Phone | 03 9583 7744 |
| Technology | Tokens and smart cards |
| Model | "Gemsafe" products |
| Price | Cards from AU$5.50, readers from AU$60.50, software pricing variable depending on application and site requirement. |

| Category | Score | Comment |
|---|---|---|
| Interoperability | ½ | Mainly revolving around smart card technologies, Gemsafe products offer a wide range of interoperability with many card varieties. |
| Futureproofing | ½ | While quite “heavy” on the software side of things (100MB+), the systems are quite scalable. |
| ROI | | Reasonably priced, particularly when considering the peace of mind and security a well designed and deployed smart card solution provides the enterprise. |
| Service | ½ | 12-month warranty, adequate given the low cost of individual components in this solution. |
| Rating | | |

| Vendor | Vasco Data Security |
|---|---|
| Web | www.vasco.com |
| Phone | 02 8920 9633 |
| Technology | Tokens & RADIUS software |
| Model | Go 3 |
| Price | AU$1452 for 10 tokens, maintenance and RADIUS software |

| Category | Score | Comment |
|---|---|---|
| Interoperability | | Very good interoperability, support for RADIUS as well as Web-based logons, Citrix, Lotus/Domino, Windows and Novell. |
| Futureproofing | | A one-time password is a more secure authentication method than users writing down passwords on sticky notes or having login credentials and passwords picked up by spyware. |
| ROI | | One of the cheaper forms of more secure authentication. |
| Service | ½ | 2 years standard, up to 5 years contract is a very good service level. |
| Rating | | |

You should have included in your testing the CAT (Cellular Authentication Token) by Mega AS Ltd (www.megaas.co.nz).
This is the best Authentication (cost/performance) available today.