Apparently, some of the employees of this organization complained about having to carry a token with them. I can understand that, but there are certainly other options -- think Blackberry or Mobile Phone token, software token, browser toolbar token, just to name a few. And even the latest token design is less bulky on your key chain if you elect to stay with physical tokens.So, if this message gets back to the SecurID administrator who posted that message, please reach out to us. We can make life easier AND more secure. It's not an either-or scenario. These users can install a soft token on their mobile device and then leave their hardware token at home where they use it most.
The proposed tethered-token solution really minimizes the organization's security investment. And I can only guess that this practice would have a negative affect on a security or compliance audit.
[Addendum: Dave was pointing to another article.]
No comments:
Post a Comment