RSA SecurID

SecurID Token

Picture clipping

RSA SecurID SD700 Token

What is RSA SecurID?

RSA SecurID is a form of "two-factor" authentication. However, before going into the nuances of SecurID, it is best to introduce you to authentication issues as a whole.

Types of Authentication

Authentication is simply making sure that a person is who they say they are. Showing your driver's license is a form of authentication because it has your picture, name and other identifying data on the license whereby someone can reasonably say that it is you (or not you).

Authentication to an internet or computer resource is no different. The most common type of authentication is username / password. However, password authentication is wrought with issues.

What is wrong with password authentication?

•  Passwords can be easily cracked by brute force or social engineering (finding enough information about the person to be able to guess the password, if the person used a common thread such as spouse's name, pet name, child name).

  If passwords are shared, there is no way to identify who was really logged in.

  The easier it is for a user to remember their password, the easier it is to crack.

  Users forget passwords, which prompts a call to a help desk. Each password reset can cost up to $50.

Two-factor authentication is different because it uses two pieces of information to verify your identity; something you have in your possession and something that you know. The easiest way to illustrate this is comparing it to your debit card. When you go to the ATM to get money with your debit card, you first put the debit card (something you have) into the machine, and then you are required to enter your PIN (something you know). Neither one of these pieces by itself can verify the identity. They have to be used in conjunction with each other.

How Does RSA SecurID Work?

RSA SecurID works in the same manner. A user has a token (see picture above) that they use for authentication. The token displays a randomly generated six digit number every 60 seconds. The user also uses a PIN in conjunction with the token to verify their identity. When a user is prompted for their "PASSCODE", they enter their PIN (from four to eight characters) followed by the six digit number on the token.

Why is this form of authentication better?

  If the token is lost or stolen, the token alone cannot be used to authenticate without knowing the PIN2

  If someone knows the PIN but does not have the token, they cannot authenticate unless they successfully guess the six digit number.

  There are no infinite amount of attempts. A token is generally disabled after 10 consecutive failed login attempts.

RSA SecurID is the "gold standard" when it comes to user authentication. It can easily be implemented and deployed in small, medium and enterprise environments. We at MBD Consulting are very familiar with SecurID technology and have deployed it in many environments for many different types of use. While it is generally used to authenticate to corporate networks via VPN (Virtual Private Network) it can also be used to authenticate to web applications and other types of applications where strong authentication is a must.

Call or email us today for a free consultation on how RSA SecurID can enhance the security of your environment.

EMC, Where Information Lives, RSA, The Security Division of EMC, RSA, SecurID and EMC are registered trademarks of EMC. All other trademarks are the property of their respective owners. MBD Consulting, LLC is an independently owned company.

Copyright 2010 by MBD Consulting, LLC