RealTime IT News

RSA, VeriSign Take Two-Factor Authentication Onstage

UPDATED: Two-factor authentication technology vendors RSA Security and VeriSign took center stage on Tuesday with separate announcements trumping the value of adding another security layer to the existing username/password scheme.

RSA Security announced a deal with America Online to launch AOL PassCode, a new paid service for AOL subscribers that offers a second level of AOL account protection through the use of a keychain-sized device that generates and displays a unique six-digit numeric code every 60 seconds.

"It's the equivalent of adding a deadbolt to your AOL account," John Worrall, vice president of worldwide marketing at RSA Security, told internetnews.com.

Worrall said the partnership with AOL creates the first ever consumer rollout of the two-factor authentication technology. Before now, RSA Security's authentication was being used only in the enterprise and small and medium-size business (SMB) environments.

The deal with AOL calls for the ISP to promote the availability of the passcode service on its proprietary "keyword" service and in direct messages to subscribers. AOL users must order the $9.99 device, or token, and pay a monthly fee of between $1.95 and $4.95 (depending on the the number of protected screen names on the account).

AOL will market the feature within its Safety and Security Group, which already hawks third-party anti-virus, anti-spam and firewall services.

"In addition to those, users now get the option to protect their identities," Worrall added.

Ned Brody, who heads up AOL's premium services division, said the RSA authentication would be especially valuable for members who use their accounts for business purposes and financial transactions.

"We're very keen on this partnership to drive adoption [of two-factor authentication] to the consumer space," Worrall said. "We know the usability issues. We know the security issues from our success in the enterprise market. We're now taking that knowledge and expertise and applying it to consumers."

Separately, VeriSign announced plans to ship a Unified Authentication product that allows the use of a single, integrated platform to power a company's strong authentication needs.

Unified Authentication integrates VeriSign's security infrastructure with Microsoft Windows Server 2003 platform and piggybacks on Microsoft technologies, such as Active Directory, Microsoft Certificate Server and the Microsoft Internet Authentication Services components.

VeriSign said the Unified Authentication product supports a wide range of One-Time Password (OTP) and PKI credentials that can be deployed in desktop software, smart card and USB token form factors.

A new hybrid token, which will be available on September 30, combines both OTP and PKI capabilities into a single security device.

RSA Security also plans to ship its SecurID for Microsoft Windows technology, which offers strong authentication for all networked users as an alternative to the traditional Microsoft Windows "user name and password" login method.

In addition, the company also recently launched RSA Sign-On Manager, which combines the authentication products with Enterprise Single Sign-On. The Sign-On Manager helps businesses reduce help desk costs and simplify the user experience by allowing users to sign on once and obtain access to all of their online resources.