This article can also be found in the Premium Editorial Download "Information Security magazine: Security Readers' Choice Awards 2008."
Download it now to read this article plus other related content.
Digital identity verification
|RSA, The Security Division of EMC
RSA SecurID is a repeat Readers' Choice winner in this category, largely on the strength of its integration and compatibility capabilities. The ubiquitous token is used as a second form of authentication in more than 30,000 customer deployments, and supports 365 products from more than 200 vendors.
"RSA's partner ecosystem has created that broad application support; that's why the product remains so successful, in spite of competitors selling tokens at a dramatically lower price," says Burton Group analyst Mark Diodati.
"Customers stay with them because the solution is easy to use and works with the apps they have."
RSA argues that SecurID's total cost of ownership is much lower than competitors' when time to production, strength of security, the ability to leverage many infrastructures and dependability are taken into account.
SecurID provides strong authentication support for IPsec and SSL VPNs, wireless networks, Windows and Unix desktop and server environments, Web servers and other enterprise applications.
NOTABLE RSA is completing a re-architecture of SecurID that will affect releases later this year and into next. Agent upgrades are also on the docket, as are improvements to support on more mobile device platforms.
VeriSign Identity Protection Authentication Service
VeriSign's Identity Protection Authentication Service finished a close second in this category, with solid scores from readers on the security of its credentials and scalability. VeriSign's two-factor credential can be used across multiple sites; the credential is validated against VeriSign's shared infrastructure, meaning customers do not have to deploy an on-site server. Instead, they connect via SOAP-compliant Web services to VeriSign's network, reducing deployment costs.
VeriSign, like other authentication vendors, has benefited from a glut of regulatory activity mandating two-factor authentication, in particular the FFIEC guidance for online banking.
Product manager Jeff Burstein says VeriSign will concentrate development on new credential choices, including enhancements to its one-time password credit card form factor. Burstein explains that the card, built on OATH one-time password standards, fits into a consumer's wallet--preferable he says to early one-time password generators made of metal that were awkward to carry around.
NOTABLE Some PayPal and eBay customers are likely familiar with the PayPal Security Key, a $5 fob announced a year ago that is used as a second form of authentication.
This was first published in April 2008