Strengths: Numerous token and zero-footprint options for strong authentication
Weaknesses: LDAP integration, cost, ease of use
Verdict: ID Vault adds stronger authentication and can grow, using TACS, to provide two- and three-factor options
The TriCipher Armored Credential System (TACS) is a unified authentication infrastructure that protects online identities from fraud and identity theft by issuing and managing a variety of secure, easy-to-use and low-cost credentials.
TACS is an appliance product; initial deployment and configuration will require some effort. Our review was conducted virtually so we can't report on server-side implementation.
The system uses traditional two-factor tokens but also adds a layer of security through the ID Vault appliance. One part of the TriCipher credential is generated on the user's computer and the other is stored on the ID Vault appliance, protecting the user's online identity while maintaining the user experience of entering a username and password. To successfully authenticate, both parts of the credential must be combined. This offering does require a software component to be installed on the device, but a zero-footprint option for web-based strong authentication is also available and uses browser cookies and certificates.
TACS integrates armoured passwords and knowledge-based authentication as authentication factors. Additionally, the TriCipher ID Tool plug-in is used for web-based applications to authenticate users and transactions, digitally sign documents, and encrypt and decrypt email.
The product integrates with most other solutions, including web servers, identity-management solutions, digital signing, single-sign-on solutions and various SSL/VPN solutions. The exceptions are LDAP and AD, which means manual user entry. The token options were numerous and included both two- and three-factor platforms, hardware and software tokens and X.509.
Although the zero-footprint option and ID Vault make TACS easy to deploy and seamless for the end user, loss or theft of a portable device will allow access to the secure system if the username and password are cracked, because the second authentication factor resides on the device.
Phone and email support are available on a 24/7 basis for an hourly fee.