RSA SecurID Passage
April 01, 2003
from $50 per user
- Ease of Use:
- Value for Money:
- Overall Rating:
A familiar method of secure access.
Slightly messy documentation.
Capable solutions for administrators experienced in this methodology.
RSA is usually associated with token solutions, providing dynamic one-time password facilities plugged into back end authentication servers like RSA's ACE/ Server. But there are times when a token is not ideal: you have lease costs to consider, the server-side requirements are relatively high and inexperienced users can find one-time passwords tricky to handle.
Smartcards offer an alternative, providing a less bullet-proof but more flexible authentication solution. Using a Java platform, the card can be loaded with multiple identities or custom applications, keyed to specific users and providing strong authentication. The flexibility also extends to physical security, with smartcards well suited for integration into physical access control or ID badges.
SecurID Passage marks RSA's foray into the smartcard marketplace, offering Microsoft Windows based client software to authenticate and manage a compliant smart card, such as RSA's SecurID 5100. SecurID Passage supports authentication via a number of methods, including X.509 certificates, CAPI, SSL and standard card readers.
It can also be used for digitally signing and encrypting email messages, and can store multiple certificates and private key pairs from standards-based certificate authorities.
The software replaces the standard Windows logon. When the card is removed, the workstation is locked and requires re-authentication to be unlocked.
In our test, the product worked well, but the supplied documentation was disappointing. If you are investing in an RSA solution, you might expect more than a CD-ROM peppered liberally with PDF and DOC files. These invariably mean that the systems administrator must wade through them all in order to find the relevant information. And although reasonably written, this approach is in contrast to other products, which supply physical manuals and associated documentation. RSA has since informed us that it is issuing manuals with the production version of the package.
Once the system is up and running, however, the systems administrator should find it perfectly workable, although we felt the SecurID methodology seemed less intuitive than many of its newer counterparts.
These days simplicity goes a long way with end users and can help to reaffirm corporate security policies.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Junior Penetration Tester, Hertfordshire, to £35k + benefits
Infosec People - England, Hertfordshire
Cyber Security Architect
CYBER EXECS - London (Greater)
SOC Analyst, Aldershot, £47-56k + package
Infosec People - Hampshire, England, Aldershot
Senior Security Engineer
Loveworklife Recruitment - United Kingdom
Sign up to our newsletters
SC Magazine UK Articles
- Tesco Bank allegedly ignored warnings of hack from Visa
- Investigatory Powers and Digital Economy Bills could threaten economy
- Updated: A million German routers knocked offline by failed Mirai botnet attack
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Microsoft update left Azure Linux virtual machines open to hacking
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- ICYMI: CEO Sacked; MS Zero-day; Passwords dropped; Ransomware wild, charging hack
- 9.2 million medical records for sale on darkweb
- ICYMI: Tesco warned; IP Bill threatens economy; German routers offline; Azure trojan; Gooligan fraud
- Data centres are on the move - where will they end up?
- 90% of ITDMs believe IAM is crucial to digital transformation success
- Research: Hacked companies could see customer exodus if breached
- Misconfigured drive exposes locations of explosives used by oil industry