RSA, VeriSign Take Two-Factor Authentication Onstage

UPDATED: Two-factor authentication technology vendors RSA Security and VeriSign took center stage on
Tuesday with separate announcements trumping the value of adding another
security layer to the existing username/password scheme.

RSA Security announced a deal with America Online to
launch AOL PassCode, a new paid service for AOL subscribers that offers
a second level of AOL account protection through the use of a
keychain-sized device that generates and displays a unique six-digit
numeric code every 60 seconds.

“It’s the equivalent of adding a deadbolt to your AOL account,” John
Worrall, vice president of worldwide marketing at RSA Security, told

Worrall said the partnership with AOL creates the first ever consumer
rollout of the two-factor authentication technology. Before now, RSA
Security’s authentication was being used only in the enterprise and
small and medium-size business (SMB) environments.

The deal with AOL calls for the ISP to promote the availability of
the passcode service on its proprietary “keyword” service and in direct
messages to subscribers. AOL users must order the $9.99 device, or
token, and pay a monthly fee of between $1.95 and $4.95 (depending on
the the number of protected screen names on the account).

AOL will market the feature within its Safety and Security Group,
which already hawks third-party anti-virus, anti-spam and firewall

“In addition to those, users now get the option to protect their
identities,” Worrall added.

Ned Brody, who heads up AOL’s premium services division, said the RSA
authentication would be especially valuable for members who use their
accounts for business purposes and financial transactions.

“We’re very keen on this partnership to drive adoption [of two-factor
authentication] to the consumer space,” Worrall said. “We know the
usability issues. We know the security issues from our success in the
enterprise market. We’re now taking that knowledge and expertise and
applying it to consumers.”

Separately, VeriSign announced plans to ship a Unified Authentication
product that allows the use of a single, integrated platform to power a
company’s strong authentication needs.

Unified Authentication integrates VeriSign’s security infrastructure
with Microsoft Windows Server 2003 platform and piggybacks on Microsoft
technologies, such as Active Directory, Microsoft Certificate Server and
the Microsoft Internet Authentication Services components.

VeriSign said the Unified Authentication product supports a wide
range of One-Time Password (OTP) and PKI
credentials that can be deployed in desktop software, smart card and USB
token form factors.

A new hybrid token, which will be available on September 30, combines
both OTP and PKI capabilities into a single security device.

RSA Security also plans to ship its SecurID for Microsoft Windows
technology, which offers strong authentication for all networked users
as an alternative to the traditional Microsoft Windows “user name and
password” login method.

In addition, the company also recently launched RSA Sign-On Manager,
which combines the authentication products with Enterprise Single
Sign-On. The Sign-On Manager helps businesses reduce help desk costs and
simplify the user experience by allowing users to sign on once and
obtain access to all of their online resources.

News Around the Web