Friday, May 16

The SecurID Killer

I'm a fan of RSA's SecurID product. It's got a highly secure approach, nearly indestructible hardware form factor, lots of form factor options, tons of partners and coverage for apps, servers and devices, and a flawless track record. But the competition has been creeping up.

Some try a similar approach to RSA with key fobs displaying numbers or other hardware tokens:

ActivIdentity
Aladdin Knowledge Systems
EnTrust
CryptoCard
MyPW
SecureComputing
Vasco

Others have a software only approach:

AdmitOne (formerly BioPassword) - uses keystroke dynamics
Arcot - uses PKI
PassFaces - uses user's ability to remember human faces
PhoneFactor - uses mobile phone as the device

Some are biometric:

DigitalPersona
L-1

And they all have redeeming qualities. But many are susceptible to keystroke logger attacks (which are getting more and more sophisticated). Others are cheaply made hardware. Some just lack partnerships and market penetration.

But there's a new kid on the block. And it seems to be a very cool solution that may quickly become a force to be reckoned with. It's a very small form factor, seemingly very secure, extremely easy to use, requires no client software, inexpensive, and works on any platform.

Welcome YubiKey to the arena.

I'll let you figure out the details for yourself.

It won't allow you to converge a single credential for physical and logical access and it won't work across multiple systems (unless it's used with OpenID or something like that) and it won't serve as a single form factor for multiple uses (like signed email and remote VPN). But, it's a pretty cool new entrant to this arena. And that's a feat in itself.

Let me know if I missed your company and you'd like to be added to the list.

No comments: