Can Tokens And Smart Cards Boost Security? - InformationWeek
IoT
IoT
News
News
2/27/2004
03:48 PM
50%
50%

Can Tokens And Smart Cards Boost Security?

Vendors promote new approaches, but it's unclear whether users will adopt them

When it comes to security, user names and passwords aren't getting the job done. And the threats are growing. The solution, security vendors say, is to make it more difficult to access business networks and applications, while still keeping procedures easy enough so users don't rise up in protest.

New approaches to more-secure access focus on smart cards and one-time password tokens, which add a second step to logging on to a network and gaining access to applications. Several vendors last week used the RSA Security Conference to introduce those kinds of products, which they say will improve business security. Smart cards are small devices that plug into a computer to help verify the identity of the user. Tokens can provide temporary one-time passwords that a user must key into a PC to gain access. These authentication devices usually are used in conjunction with passwords, but not always.



Security advances will provide a more seamless computing experience, Microsoft chairman Gates says.

Photo by Lou Dematteis/EPA/AP
These advances will provide "a safer and more seamless" computing experience, Microsoft chairman Bill Gates said during his keynote speech at the conference.

RSA Security Inc., working with Microsoft, introduced tokens called SecurID for Microsoft Windows, which provide users with a temporary password every 60 seconds; the password is used with a secret personal-identification number to log on to Windows. SecurID is expected to be available later this year.

Also working with Microsoft is VeriSign Inc., which provides Internet authentication and directory services. It plans to offer a service to help companies manage the provisioning of authentication devices such as tokens and smart cards. The service will authenticate users over the Internet and support authentication devices from various vendors.

Some security vendors are adding new twists to USB tokens. Rainbow Technologies Inc. showed the RFiKey, a USB token with radio-frequency identification technology that can be used to access buildings as well as computer systems. Aladdin Knowledge Systems Inc. combined its eToken Pro USB smart card with an LCD-display for one-time passwords, so employees can use it to digitally sign documents and securely log on to their systems and applications.

The only way widespread adoption of strong authentication devices by businesses will take place is if the security industry moves away from proprietary management systems and agrees to an open architecture that smart-card and token manufacturers can design their gear to support, VeriSign chairman and CEO Stratton Sclavos says.

Security must improve, Gartner research director John Pescatore says. Businesses face increased threats from hackers using keystroke loggers to grab user names and passwords at Internet cafes and wireless hot-spots in airports and hotels, he says, and the user-name-password approach isn't effective enough to protect business systems, applications, and data. Says Pescatore, "It's an increasing problem, and corporations need to do something about it."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll