Monday, 10/15/2018 11:18:58 PM

Interview: RSA's Craig Dore on the basics of MFA

https://itbrief.com.au/story/interview-rsa-s-craig-dore-on-the-basics-of-mfa

Excerpts:

This is very secure because the device is air-gapped, meaning it is not connected to the Internet or another network. Instead, the numbers (the “token code”) are generated using a time-based algorithm.

This solution isn’t great from a user perspective as it is cumbersome, but is sometimes required, especially when working in locations where phones aren’t allowed, like data centres.

In general the smartphone and hardware-based examples are much harder to exploit, but they require some amount of additional management to properly implement in an organisation.

Best practice would mean that a fingerprint or push notification isn’t considered the absolute best proof of a user’s identity. Instead, these authentication methods should be married to another dimension relating to user access - their behaviour over time.

Take for example, a user logging into the same application at the same time of day, from the same device from within the corporate network every week day. A system that could silently take this into account automatically is a “smart” authentication platform.

Such a “smart” system would not bother the user with a MFA challenge every time they logged in following this pattern. Only when the user deviates from this established behavioural pattern, the platform would automatically detect this and challenge the user accordingly. This can be best described as a “risk-based” or “adaptive” authentication platform.
=================================================================
How effective or 'cumbersome' is this risk-based platform of RSA?

Wave had a White paper (Virtual Smart Card 2.0 from Wave) on the virtual smart card that revealed a major security shortcoming in the 'air-gapped' token product that is deemed 'very secure' in the excerpt above.

If the SecurID token is insecure, how strong is the risk-based platform with it?
=================================================================
https://www.wavesys.com/products/wave-virtual-smart-card

Get better security at less than half the cost

Passwords are weak. Tokens are expensive. Don’t compromise on security or price.

Wave Virtual Smart Card does anything your physical smart cards and tokens do, but it starts with hardware you already have: the Trusted Platform Module (TPM), a hardware security chip built into the motherboard of most business-class PCs. You may not even know you have it, but once you do, the TPM can be used in a myriad of ways. Wave turns it into a smart card, embedded directly into your laptop.

What can it be used for?

What do you use your smart card for today? With the exception of keying open the door at work, Wave Virtual Smart Card can perform any of the services or applications you rely on your smart card for today. Secure VPN, WiFi, remote desktop, cloud applications – it can all be done with a virtual smart card.

One helpdesk call you'll never get: "I lost my virtual smart card again..."

There are so many ways to lose a token – couch cushions, street drains, curious toddlers. In fact, up to 30% of all tokens are eventually lost. It’s much harder to lose a laptop, and you notice a lot faster when you do.

The user experience with a virtual smart card is simple: he or she logs in with a PIN (authentication factor number one). The TPM (authentication factor number two) then transparently identifies the device to the network and connects the user to all the approved services. It’s one less thing for users to carry around.

What will you do with >50% TCO savings?*

Tokens and smart cards require an additional hardware purchase, plus the time and money to ship to remote users. Use something that’s already in the users’ hands (the TPM), and your acquisition and deployment costs are lower.

Then consider the management savings in not having to replace lost and stolen tokens. That means fewer helpdesk calls, less interruption of user productivity, and fewer acquisition and shipping costs.


When we say “secure”…

…we mean it. Our solution starts with a proven hardware root-of-trust. Multi-factor authentication is an established best-practice for strong authentication: the TPM-based virtual smart card is one factor (something you have) and the user PIN is a second factor (something you know).

*Actual number may vary. Contact us today to receive more details and a free quote.

Full lifecycle management of virtual smart cards
• Intuitive interface to create (or delete) virtual smart cards
• Command line option to create and delete virtual smart cards
• Flexible PIN policies
• Helpdesk-assisted PIN reset and recovery
• Generates reports for compliance
• Integrates with Active Directory
• Supports familiar use cases
  • Virtual Private Network (VPN)
  • Local logon
  • Remote logon
  • Remote desktop access
  • Intranet/Extranet
  • Cloud applications
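
The "risk-based" or "adaptive" behaviour described in the interview excerpts above (same application, time of day, device and corporate network, with a challenge only on deviation), sketched as an added example that is not part of the original post and not RSA's or Wave's code. The field names, the constructed sample history and the thresholds (`min_share`, `hour_window`, `min_history`) are assumptions chosen for illustration.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Login:
    app: str
    hour: int              # local hour of day, 0-23
    device_id: str
    on_corp_network: bool
    weekday: bool

def build_baseline(history):
    """Count how often each attribute value appears in a user's past logins."""
    baseline = {"app": Counter(), "hour": Counter(), "device_id": Counter(),
                "on_corp_network": Counter(), "weekday": Counter()}
    for ev in history:
        for field, counter in baseline.items():
            counter[getattr(ev, field)] += 1
    return baseline, len(history)

def deviations(baseline, total, login, min_share=0.1, hour_window=1):
    """Return the attributes of `login` that fall outside the established pattern."""
    out = []
    for field, counter in baseline.items():
        value = getattr(login, field)
        if field == "hour":
            # Tolerate small drift in time of day, wrapping around midnight.
            seen = sum(counter[(value + d) % 24]
                       for d in range(-hour_window, hour_window + 1))
        else:
            seen = counter[value]
        if total == 0 or seen / total < min_share:
            out.append(field)
    return out

def decide(history, login, min_history=10):
    """Return ('allow', []) for a login that fits the pattern, else ('challenge', reasons)."""
    if len(history) < min_history:
        # No established pattern yet: always ask for the second factor.
        return "challenge", ["insufficient_history"]
    baseline, total = build_baseline(history)
    devs = deviations(baseline, total, login)
    return ("challenge" if devs else "allow"), devs

# Constructed sample: 20 weekday logins to one app around 08:00-09:00 from one device.
HISTORY = [Login("payroll", 9 if i % 4 else 8, "laptop-01", True, True)
           for i in range(20)]
```
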













