Smartphones take center stage in two-factor authentication schemes

SecureAuth IdP wins test of 8 software-based authentication systems that deliver enterprise-level security

By David Strom, Network World
May 20, 2013 06:01 AM ET

Page 3 of 9

SecureAuth, SafeNet and Microsoft had the best value for the number of features offered.

2. How apps are secured:

We tested each product to harden a sample Web app running on a Microsoft IIS server along with connecting to SaaS-based services such as Google Docs and We also looked at how many specific apps can be connected to the two-factor product and what kind of documentation is available to configure and debug these installations.

RSA, SecureAuth and Symantec were the most capable here.

3. What is the end user experience?

We looked at how the second factor comes into play during the user login process, and how cumbersome or easy it is to enter. With some products such as Symantec and SecureAuth, you can set up multiple token types, and then choose at login time whichever one is more convenient. We also looked at the procedures involved in bypassing the token if it isn't working. Finally, we wanted to know if the product could scale. With the exception of TextPower, most were quite scalable.

4. Reporting and monitoring:

We examined the various reports available, what happens when something goes wrong, and how IT managers are notified. Some products can export or schedule reports as well.

Microsoft, Vasco and Celestix had the best reports.

5. Pricing and free trials:

RSA and then Vasco were the most expensive and SecureAuth the least. While most vendors only charge a couple of bucks per month per token, with a large installation this can add up. There are quantity discounts, multi-year price breaks, and 24x7 support fees. Each vendor has different ways to calculate prices: some charge on a per-token basis, some on a per-user or per-server basis, and some have prices for added components.

Celestix, PhoneFactor, SafeNet and Symantec all make it very easy to start a free trial of their services with sign-up forms on their respective websites.

Here are the individual reviews:

Celestix HOTPin

If you are looking to protect your Microsoft infrastructure, Celestix HOTPin supports Microsoft's Forefront Unified Access Gateway for Microsoft's VPN, Web, and Outlook/Exchange technologies.

HOTPin comes as a pre-installed hardware appliance or it can be installed on Windows Server 2008 R2, which is how we tested it. The first time we installed the software it didn't finish and had to be re-installed. We also had some trouble connecting it to our Active Directory store, but once we did, it automatically synchronized our users between AD and itself. There is a separate Web interface to handle the configuration, reporting and management tasks, in addition to the Windows-based server and Web-based self-service user portal components.

HOTPin supports a wide variety of soft tokens, including smartphone apps, email and SMS messages, plus hardware tokens. It is primarily a RADIUS-based device, meaning that if you are using it as a second factor for your VPN login, it shouldn't take too long to get it set up, and there are documents on how to set up the leading VPNs and firewalls from Cisco, SonicWall, and several others.
