Two Factor Authentication Systems? 69
HerculesMO asks: "I've been given a project to undertake that involves setting our internal network systems up to have two factor authentication. I need suggestions to take in front of our CIO that shows how the security model works, cost vs benefit/features, and the different options. At this point, the name brand is RSA and I'm pressed to find any others even though I've done looking around. We are open to biometric tokens as well, because they may be used for digital certificate signing for e-mails. Sadly, it has to integrate with our Windows 2003 Active Directory set up... it's not Linux, but I figure Slashdot readers can come up with lots of Linux security tokens that will work under Windows too, so please have at it! :)"
See this article for pointers (Score:3, Informative)
It gives pointers to various offerings, including one-time passwords, hardware tokens, smart cards, and biometrics.
Two-factor Coming to 1 Million Paypal Accounts (Score:3, Informative)
This is significant, since you have a lot more phishing attacks targeting Paypal and eBay than the major banks these days.
Re:Can weaken security? (Score:2, Informative)
A few pointers... (Score:2, Informative)
The biggest and most overlooked issue is the requirement for client-side software and drivers. The various OTP solutions (SecurID, etc.) are zero footprint. They can be used from any computer. If portability is as imporant as strong authentication, you should consider an OTP solution.
Smartcards and biometric devices require drivers at a minimum. Most require some type of middleware. This means you will have to manage a software deployment and the devices can only be used from systems that have the software installed.
Smartcards provide crypto, which can be leveraged for SSO, secure mail, etc. but by far, most of these projects succeed or fail based on the ability to actually deploy and use the solution.
vasco ? (Score:2, Informative)
my bank (SEB in sweden) has been using them for years.
the system is pretty easy to use. you don't need a CS major to work it.
PortWise (Score:2, Informative)
PassGo (Score:2, Informative)
Consider WiKID - FD: I work there (Score:2, Informative)
Available in both open (https://sourceforge.net/projects/wikid-twofactor
In terms of evaluating based on financial, relative security and operations issues you might want to read this, which I wrote for WiKID: http://www.securitydocs.com/library/3048 [securitydocs.com]. A cleaner costs analysis between a hardware tokens such as RSA and WiKID is here: http://www.wikidsystems.com/features/lessexpensiv