Entrust today announced one-time password tokens priced at $5. This is substantially below the existing prices offered by competitors such as RSA and Vasco Data Security.
Bearing in mind that one-time password tokens don't stop phishing attacks, this offering is nevertheless very good news. Most enterprises still use passwords as their main form of authentication. As has been well documented, passwords are very insecure. Therefore, enterprises need to consider different forms of authentication. The historical cost of one-time password tokens has been an impediment to widespread adoption of this method.
Enterprises considering Entrust's new one-time password offering, however, need to treat it as only one part of a more in-depth enterprise authentication strategy. As the user drills towards more sensitive information, applications or building access, multi-factor authentication needs to be used.
Even with the use of multi-factor authentication, enterprises must assume that these methods too may be bypassed. Therefore, to protect the enterprise crown jewels, they should deploy transaction authentication, which, in addition to strong authentication, checks the user's physical hardware, IP address, geolocation, time of day and past user history profile before letting the user in.
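The following is an added example, not code from Entrust or any vendor named here, sketching how the checks listed above can be combined into one access decision after the strong-authentication step. The field names, weights, threshold and the intermediate "step_up" outcome are assumptions made for illustration, and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

@dataclass
class Profile:                      # past user history (constructed fields)
    devices: set
    networks: list                  # CIDR ranges the user normally comes from
    countries: set
    hours: range                    # usual login hours, local time

@dataclass
class Attempt:
    strong_auth_ok: bool            # outcome of the OTP / multi-factor step
    device_id: str
    ip: str
    country: str
    when: datetime

def evaluate(attempt, profile, deny_at=3):
    """Return (decision, reasons); weights and threshold are assumptions."""
    if not attempt.strong_auth_ok:
        return "deny", ["strong authentication failed"]
    addr = ip_address(attempt.ip)
    # Each entry: (signal matches the profile, weight if it does not, reason)
    checks = [
        (attempt.device_id in profile.devices, 2, "unknown device"),
        (any(addr in ip_network(n) for n in profile.networks), 1, "unfamiliar IP address"),
        (attempt.country in profile.countries, 2, "unusual geolocation"),
        (attempt.when.hour in profile.hours, 1, "unusual time of day"),
    ]
    reasons = [why for ok, _, why in checks if not ok]
    score = sum(weight for ok, weight, _ in checks if not ok)
    if score >= deny_at:
        return "deny", reasons
    return ("step_up" if score else "allow"), reasons

# Constructed sample data (documentation IP ranges, placeholder country codes).
PROFILE = Profile({"laptop-01"}, ["192.0.2.0/24"], {"AA"}, range(7, 19))
USUAL = Attempt(True, "laptop-01", "192.0.2.10", "AA", datetime(2024, 1, 15, 10, 0))
LATE = Attempt(True, "laptop-01", "192.0.2.10", "AA", datetime(2024, 1, 15, 23, 0))
ODD = Attempt(True, "kiosk-77", "198.51.100.7", "ZZ", datetime(2024, 1, 15, 10, 0))

if __name__ == "__main__":
    for name, attempt in [("usual", USUAL), ("late", LATE), ("odd", ODD)]:
        print(name, evaluate(attempt, PROFILE))
```

A valid one-time password alone does not yield "allow" here: the ODD attempt passes strong authentication and is still denied on context.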
There is no one silver bullet in authentication. While the Entrust offer makes the use of one-time passwords more affordable, it is only one of many tools an enterprise must use to properly defend itself against attacks from organized crime.
Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com
