Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Verisign, RSA Seek to Change the Face of Passwords

    By
    Dennis Fisher
    -
    September 21, 2004
    Share
    Facebook
    Twitter
    Linkedin

      Passwords as we know them could be yesterdays news if two-factor authentication solutions from VeriSign Inc. and RSA Security Inc. catch on with enterprises.

      Two-factor solutions combine a pass phrase with a key chain token that continually generates unique passwords that are used only once each time a user logs on to a network. The process is in stark contrast to traditional password solutions, which involve a single, user-generated password thats used continually over a period of time.

      VeriSign, of Mountain View, Calif., plans to debut its Unified Authentication managed service this week, which will give enterprises the ability to deploy USB (Universal Serial Bus) tokens to all their users for two-factor authentication, while allowing VeriSign to manage the infrastructure.

      Also this week, RSA, of Bedford, Mass., is expected to announce a partnership with a major Internet service provider in which the ISP will give its vast broadband user base RSAs popular RSA SecurID hardware tokens—a first for a U.S.-based ISP.

      /zimages/4/28571.gifClick here to read about the token-based plan touted by RSA and Microsoft in the spring.

      In both cases, putting two-factor authentication technology into the hands of millions of security-challenged users could be a boon for the overall security of the Internet, protecting accounts from being hijacked by spammers or crackers and protecting users identities.

      Potential customers of the VeriSign service say its integration with existing security and directory services will be key. “We currently use smart cards for log-in and identity purposes,” said Mark Deason, network administrator at Silverside Equipment Inc., in Reno, Nev. “If they can keep the cost competitive with other systems, like smart cards, and less than other biometric devices and show that it is actually a secure device to the security community, they might have a shot.”

      /zimages/4/28571.gifFor insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Both of the new offerings are grown-up steps on the road to eliminating the use of static passwords for authentication, a practice that is several decades old and is considered one of the weaker links in the Internet security chain. Most users, studies show, choose easily guessed passwords, while easy-to-use password-cracking tools are readily available.

      To be sure, online fraudsters have not been shy about taking advantage of this state of affairs. The Federal Trade Commission received more than 214,000 complaints of identity theft in 2003, and victims of Internet fraud reported losses of $200 million last year.

      One of the best ways around the problem of weak passwords is the use of hardware tokens, which can generate a one-time password that a user must enter, along with his or her user name or a PIN.

      The new VeriSign Unified Authentication service will use a hybrid USB token/ smart card from Aladdin Knowledge Systems Inc., of Arlington Heights, Ill., which includes the ability to generate one-time passwords and store user credentials directly on the device.

      /zimages/4/28571.gifClick here to read more about VeriSigns call for an Open Authentication standard.

      RSA is betting the technology will help protect online consumers, who, until now, have not had access to this kind of security.

      Under the terms of its new partnership, RSA will sell its SecurID cards to the ISP, which will in turn provide them to users of its premium broadband service. Instead of using a screen name and user-chosen password to log in, users will enter a PIN, along with the unique code that the SecurID token generates every 60 seconds.

      RSA officials declined to identify the ISP involved in the deal but said it is one of the largest providers in the United States. RSA is working on extending this program to other major U.S. Internet providers in coming weeks.

      Two-factor solutions

      How they work:

      • User enters secret, static PIN and presses button on token to generate unique one-time password, then enters that password into PC
      • Subsequent log-ins require generation of new passwords

      /zimages/4/28571.gifCheck out eWEEK.coms Security Center at http://security.eweek.com for the latest security news, reviews and analysis.

      /zimages/4/77042.gif

      Be sure to add our eWEEK.com developer and Web services news feed to your RSS newsreader or My Yahoo page

      Dennis Fisher

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×