Skip Links

Smartphones take center stage in two-factor authentication schemes

SecureAuth IdP wins test of 8 software-based authentication systems that deliver enterprise-level security

By David Strom, Network World
May 20, 2013 06:01 AM ET

Page 7 of 9

The cost for a 100-token configuration is $1,950 per year, the lowest cost product reviewed. This includes all the software and support. And the per-token cost could be lower still at higher quantities. We applaud their simple pricing model. Given the price and extensive feature set, IdP should be on anyone's short list.

Symantec Validation and ID Protection Service

Symantec has been in the two-factor authentication space for quite some time and it shows by the number of different ways that you can deploy and integrate their service. VIP has a wide selection of tokens, including desktop and smartphone apps for the majority of phones, using both the SMS service and voice calls, and various hardware tokens. VIP has more than 30 integration methods for common apps, such as Sharepoint, Cisco, Juniper and SonicWall VPNs, and others.   

VIP is cloud-based with various software agents, which is both convenient and frustrating, as there is a lot of software to download, install and configure. You sign on to the cloud-based service and start reading multiple manuals for each component. The first stop is the VIP Enterprise Gateway, which acts as a bridge between the cloud service and your on-premises network and AD user store. It requires the 64-bit version of Windows Server 2008 R2, and you'll also need Active Directory Federation Services v2, Visual C++ 2010 SP1, and IIS v7 to make the connection between VIP and AD. While that may seem like a lot of underlying software, you probably have most of it already in-house. Once this is working, you can synchronize your users in AD with the VIP service.

VIP supports multiple access methods: you can use the AD/Radius connectors for various other applications such as VPNs or install SOAP or Javascript code on particular Web services. It doesn't support SAML services directly, although they plan on adding it later this year. Once you set up all your connectors, you run the Web-based VIP Manager console to add or remove tokens to user accounts, run reports, and see what is going on across your entire token collection.  

VIP has two weaknesses: First is its reports, which are fewer than its competitors and not very customizable, although they can be exported. Second is the lack of policies for granular or group access: each user has to be set up with particular token credentials.

Three years of VIP service for 100 users is $9,500. Additional years are $1,500 per year, and volume discounts are available. These prices include an initial setup fee and some support and they are just for soft tokens: hardware tokens are extra. One downside is that Symantec charges 7 cents apiece for SMS messages and 25 cents for voice calls.

TextPower

Even though it is more of a tool kit than a product, we wanted to include TextPower in this review because of a very innovative method of handling the second factor authentication. Most phone-based systems call your phone and you acknowledge by copying the information into your browser.

But TextPower does this in reverse: It displays a one-time password code on the browser and asks that you text the code back to their servers from your phone. This serves two functions: first, you completely avoid any man-in-the-middle attacks because there is literally nothing in between you and the login server. Second, their system captures the originating phone number. If somehow a hacker had gotten your phone and if they attempt an intrusion, TextPower records the text message that is received. They then analyze the text to make sure it is coming from the phone associated with a particular user ID before access is granted.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News