Strengths: Excellent integration guides; wide range of application and server support
Weaknesses: Tokens can get out of sync
Verdict: A huge range of application and server support is backed up by a wide range of tokens and integration guides
RSA SecurID is, perhaps, the best-known two-factor authentication product on the market. There is a huge choice of installation hardware, with support for Windows Server 2003, Solaris, Red Hat Linux, HP-UX, AIX and Novell Suse Linux Enterprise Server. We installed the software on Windows Server 2003.
The product is managed through the RSA Authentication Manager management console. It can link with an LDAP server, such as Active Directory, so that you can pull in your existing users. Unfortunately, you can't manage tokens directly from your current directory management tool.
There's a good range of hardware and software tokens, including software clients for BlackBerry, Java phones and Pocket PC. The tokens work a little differently to the other products we tested, in that a new single-use code is automatically generated every 60 seconds.
This means that registering new tokens has to be done with the provided CD, as this gives the server the required seed record to synchronise its key generation with the token's. It's a bit more work than asynchronous systems and means that the tokens can get out of sync with the server.
User management is fairly easy. You can choose a policy for each user, which defines the types of authentication they must provide to access network resources.
Authentication from other applications is handled by agents, with most web servers supported. We tested using IIS, which adds a new tab in a file's properties page, where you can add RSA protected access. There is also support for Windows domains, so you can get protected access from your client Windows XP machines.
RSA supplies an agent for Outlook Web Access, and Microsoft offers an IIS filter to perform SecurID authentication for web pages. The authentication manager also has a built-in Radius server, so you can integrate SecurID with other devices such as VPN appliances, and RSA has done a fair amount of integration with third-party APIs. One of the benefits of being a large supplier is that there is a lot of experience at the company; for example there are more than 250 integration guides to help you get SecurID working with your products.
SecurID's management might not be the best, but its integration with third-party products is second-to-none.