RSA puts SecurID into card form factor

Company takes SecurID worldwide as a card to ensure account security
June 11, 2008

RSA SecurID works on the premise that a user and an access authenticator (such as a financial institution controlling access to its accounts) share a seemingly randomly generated number that can be added to a password or entered as a separate field. Even if someone had obtained or stolen a person's username and password, they'd still need the random number provided by RSA to access an account or a PC/network.

RSA has been known for delivering this random number from a synchronized token, and the number is typically set to change about every 30 seconds. Essentially, the system provides two-factor authentication: something you know (the username and password) and something you have (the token).
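The article does not describe RSA's own SecurID algorithm, so this added example (not RSA's code) uses the open TOTP scheme from RFC 6238 as a stand-in for a synchronized token. It shows the authenticator side: checking both factors, tolerating clock drift between token and server, and rejecting a replayed code. The `Verifier` class, `hash_password`, the seed, salt and password are all constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per code; the article says the number changes about every 30 seconds


def token_code(seed: bytes, now: float, digits: int = 6) -> str:
    """Code shown on the token: RFC 4226 HOTP computed over the current time step."""
    mac = hmac.new(seed, struct.pack(">Q", int(now // STEP)), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation picks 4 bytes of the MAC
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def hash_password(password: str, salt: bytes) -> bytes:
    """Something you know, stored as a salted PBKDF2 hash (hypothetical helper)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Verifier:
    """Authenticator side: holds the same seed as the token plus the password hash."""

    def __init__(self, seed: bytes, salt: bytes, pw_hash: bytes, drift_steps: int = 1):
        self.seed, self.salt, self.pw_hash = seed, salt, pw_hash
        self.drift_steps = drift_steps  # accepted clock skew, in time steps
        self.last_step = -1             # newest step already used (replay guard)

    def login(self, password: str, code: str, now: float) -> bool:
        pw_ok = hmac.compare_digest(hash_password(password, self.salt), self.pw_hash)
        current = int(now // STEP)
        matched = None
        for step in range(current - self.drift_steps, current + self.drift_steps + 1):
            if step <= self.last_step:
                continue  # this step, or a later one, was already accepted
            expected = token_code(self.seed, step * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                matched = step
        if pw_ok and matched is not None:
            self.last_step = matched  # burn the code so it cannot be replayed
            return True
        return False


if __name__ == "__main__":
    seed, salt = b"12345678901234567890", b"constructed-salt"  # constructed sample values
    v = Verifier(seed, salt, hash_password("correct horse", salt))
    code = token_code(seed, 59)
    print("both factors:", v.login("correct horse", code, 59))
    print("code replayed:", v.login("correct horse", code, 61))
    print("wrong password:", v.login("guess", token_code(seed, 95), 95))
```

The replay guard is what keeps a code that was observed in transit from working a second time inside its 30-second window.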

The numbers were typically generated on a token that is quite comparable to many USB "thumb" drives, and in fact RSA had versions that had USB ports on them as well, but today the company has introduced a new form factor that would fit well into the wallets of users everywhere. The company announced worldwide availability of a card style SecurID token device about the size of a standard credit card, with a small LCD type screen to display the auto-generated number.

The card targets regulations like the U.S. government's guidance from the Federal Financial Institutions Examination Council (FFIEC) for two-factor Internet banking authentication, and there are similar initiatives under way in Singapore, Hong Kong and Malaysia for banks. Mexico, Chile and Colombia also have two-factor authentication regulations in place. Bank of America's Asia operations already have a SecurID initiative underway, as does PayPal, and some U.S. bank operations, including Commerce Bank and Zions Bank. Some financial institutions have subsidized the cost of the cards/tokens to their users in an attempt to expand the adoption of two-factor account authentication.

While increasingly popular with financial institutions for online access, the RSA SecurID solution has not typically been adopted by the physical security/access control community, which has often already been based on something you have (the standard access control card). However, the technology could fit into PIN-entry type access control systems as a way to ensure that employees can't simply give their PINs to other users for illegal access without also having to give them the SecurID token or card.
