Reports about the death of the hardware two-factor authentication have been very premature.
Following claims by Goode Intelligence that mobile authentication market is predicted to grow significantly over the next five years but with major vendors losing ground to authentication specialists, SMS authentication providers SecurEnvoy, further claimed that the trend will mean the death of the hardware token.
However Dave Abraham, CEO at Signify, claimed that the death of the token is greatly exaggerated. He said that while the demand for two-factor authentication is on the rise, and this sounds ideal, it is not the full picture as the simple truth is that tokens remain the best solution for frequent users who rely on getting secure remote access to systems and information from any computer at any time.
Abraham said: “Road warriors, home workers or systems engineers, for example, often log into many different portals every day and requesting or obtaining passcodes from a mobile phone or PDA is far too much hassle.
“What's more, tokens are not limited to a particular platform such as Windows and are not reliant on how secure a mobile phone network is, good network coverage or the battery life of the phone. They are also more robust. RSA tokens will work even if dropped from a great height or it they fall in a glass of water. The same is not true of the mobile phone.”
He said that despite this, there is room for tokenless authentication as it is ideal for infrequent or temporary users and for those that simply do not want to carry a separate device, such as occasional users, contractors, part-time staff and those checking email from home.
“The reality is that it's a case of ‘horses for courses', depending on the organisations, the user's working requirements and the data and applications they are accessing. In fact, for most organisations the question shouldn't be which option to go for, but what combination of token and tokenless authentication they need,” said Abraham.
“The ability to mix both token-based and tokenless two-factor authentication within an organisation means that authentication can be tailored to meet specific needs, budgets and working patterns. But, having realised the benefits of deploying both token and tokenless two-factor authentication, the problem organisations will face is that most two-factor authentication vendors will only offer one or the other.”