Two security vendors this week announced new tokens, which are small pieces of hardware that users often carry on keychains to gain access to computers, often through a USB port. Tokens can issue one-time passwords that become invalid after a user accesses an application, or can contain user-authentication data as an enhancement or even replacement to passwords and user names.
RSA Security Inc. announced a new USB-enabled token, the SecurID SID800, which can store electronic credentials such as one-time passwords, digital certificates, and standard passwords. RSA also unveiled the SecureID SID700, which is 35% smaller than its well-known SecurID authenticator. RSA says it shipped its 20-millionth SecurID authenticator last quarter.
SecurID SID800 can be used for "strong authentication" (two or more ways of identifying a user) for RSA's Sign-On Manager identity-management application. A 64,000-smart chip sports enough room for up to seven digital certificates and three sets of username/password credentials. Pricing varies by quantities purchased, but the SecurID SID700 averages around $42 per device and the SecurID SID800 is priced around $50.
Strong-authentication competitor VeriSign Inc. announced that it will soon make available two new tokens. The company says it will offer a one-time password token with a total cost of operation per user of less than $10 a year. VeriSign also is releasing a dual-purpose USB authenticator with either 128-Mytes or 265-Mbytes of secure storage. The USB authenticators can be used to store one-time passwords, PKI credentials, and provide functionality similar to that of smartcards.
A survey released by RSA Security showed consumers are losing faith in traditional security measures. When asked if usernames and passwords provide enough protection for their personal information, 53% said no, compared with only 35% last year.