Software Token vs Physical Token

Networking/Security Forums -> Physical Security and Social Engineering

Author: WBLKurt PostPosted: Wed Oct 01, 2008 9:26 pm    Post subject: Software Token vs Physical Token
    ----
We are currently using the RSA Securid physical tokens (Key Fob) and are considering switching to the Software token for Windows Desktops. I would like to know if anyone is using the software version and also what benefits would there be other than procurement and delivery.

Thanks!

Author: owen.nick@gmail.com PostPosted: Fri Feb 06, 2009 6:44 pm    Post subject: Re: Software Token vs Physical Token
    ----
WBLKurt wrote:
We are currently using the RSA Securid physical tokens (Key Fob) and are considering switching to the Software token for Windows Desktops. I would like to know if anyone is using the software version and also what benefits would there be other than procurement and delivery.

Thanks!


Last year, I had a "blog debate" about software tokens:
http://securology.blogspot.com/2007/11/soft-tokens-arent-tokens-at-all.html
and my response:
http://www.wikidsystems.com/WiKIDBlog/On%20the%20security%20of%20software%20tokens%20for%20two-factor%20authentication/

My feeling on it is that if you are limiting access to corporately managed laptops and/or can validate updated anti-malware/anti-keystroke software before granting access to the the VPN, PC software tokens are an excellent way to reduce your costs (which is what it is all about these day!).

If you use an SSL/browser-based VPN or Citrix Web Interface etc, and the tokens support mutual https authentication, then you are gaining protection against network-based MITM attacks. With the prevalence of public wifi and the many DNS attacks out there, this is a good trade-off IMO. (mutual authentication: http://www.wikidsystems.com/learn-more/technology/mutual_authentication and http://en.wikipedia.org/wiki/Mutual_authentication).

Also, I assume that there is no cost for "lost" tokens if you give tokens to consultants or your employees loose them frequently. IE, it is seat-based and not per token.

HTH,

Nick



Networking/Security Forums -> Physical Security and Social Engineering


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group