RSA Security is promoting consistent treatment of user authentication across applications, and automated procedures for the troublesome problem of lost passwords, as two attractions of its new Sign-On Manager.
The new authentication platform for the first time combines single sign-on with RSA’s two-factor identification — the user must both know a password and provide some other identification such as a token that they hold.
Two-factor authentication mitigates the widely perceived risk that single sign-on offers “the keys to the kingdom,” says RSA’s Australia/NZ business development manager Mark Pullen: that is, once one authentication barrier is passed, the user can do anything on a wide range of applications.
Applications typically vary in the policies they adopt for authentication, Pullen says. Sign-On Manager maintains a single authentication policy on a central server, with interfaces to the most widely used applications. Currently the company has “hooks” for 90 applications, running on mainframe, Windows and Unix/Linux platforms, he says.
RSA’s IntelliAccess technology mitigates the lost password or lost token headache, which consumes much of a typical helpdesk’s time. A user who has forgotten a password or mislaid a token is presented with a random selection of questions, typically three out of a pre-prepared database of 20 questions and answers, “but the number is set as part of the policy”. Correct answers give the user emergency access until the longer-term problem can be fixed — perhaps just by finding a mislaid token.