TriCipher Armored Credential System
Strengths: Splits user credentials for added security
Weaknesses: Can be complex to integrate
Verdict: TACS provides some of the strongest authentication money can buy
TriCipher's Armored Credential System (TACS) is an appliance designed to add secure two-factor authentication to your entire network. The system comes with three appliances, and a dedicated mirroring link to connect them for high availability and performance.
It differs from the other products we tested in the way that it handles credentials. The appliance itself is a FIPS 140-1 Level 2-rated data vault, which is used to securely hold part of a user's credential. The other part is held by the user and can be as simple as a password, or a combination of a token and password.
To authenticate the user, both parts of the credential have to be combined. The upshot is that if this is not done, the user can't be authenticated and, as the credential is stored in two different places, stealing the entire thing becomes difficult.
There's a choice of authentication methods, too. The simplest form is clientless and uses a secure-browser cookie. For a more secure link between the client computer and TACS, there's the TriCipher Identity Protection Tool, which sits on a Windows PC. This gives a flexible range of protection and you can vary the level of authentication depending on users.
Management is performed through a dedicated management application. This offers a granular level of control over your environment and you can create a range of different administrators each with different privileges.
Creating new users is easy, and you can also synchronise with an LDAP database to get your existing user list. Once populated, you can assign policies for each user or group, which define exactly how they authenticate with the server. TriCipher's documentation is pretty good and it shouldn't take too long to get to this point.
The difficult part is integrating the TACS with your existing applications. The appliance comes with standard APIs, but this will involve redeveloping your applications to pass authentication off to the TACS. Alternatively, TriCipher also sells an Authentication Gateway appliance, which comes preloaded with a web server and is integrated with the TACS APIs, which should make it easier to integrate TACS with your web applications.
The security provided is excellent and it's the only product on test that splits up a user's credentials safely. However, it's a serious product and you will need the help of developers in order to integrate it.