Two-factor authentication has been steadily gaining in popularity, as it’s proving to be a far better choice for providing secure access to systems, network services and applications than standard passwords. It requires a user to know and possess something; this dual approach means you can make the password simpler and easier to remember.
Vasco’s Digipass requires a user to remember only a PIN, which is associated with a smart card that they insert in a reader attached to the system they want to access. At less than £150, the Pack for Network Authentication is good value, as it includes five USB readers and smart cards. Not only does it provide local authentication on each system with a card reader attached, but it can also provide SSO (single sign-on) functions, as you can apply the card and PIN partnership to the Windows logon process and also store authentication details for web servers, native Windows applications, Terminal Servers and Citrix MetaFrame servers.
You start by connecting the card reader where the embedded Windows drivers are loaded automatically, and then you install the Digipass SAS software (which doesn’t yet support Windows Vista). Your first job is to initialise the smart cards by popping them in the reader and providing a PIN along with details of the owner. A PUK (personal unblocking key) is generated and needs to be recorded, since this is used when a card has been blocked due to too many incorrect PINs being entered.
You’re now faced with four different consoles offering varying levels of access to the SAS software, although the admin and advanced options are, to all appearances, exactly the same. Setting up the card for Windows logins is easy, as you create a new entry under this tab, provide a username and password, and decide whether to shut down or lock the computer when the card is removed. After rebooting our Server 2003 test system, we simply inserted the smart card, entered our PIN and were automatically logged in as the user configured on the card.
The auto-learn function will prove useful for web server logins. We directed the browser on our protected system to a remote Kerio webmail server and, as soon as the user login page came up, Digipass popped up a dialog box asking for our credentials and, once furnished with them, it automatically created an entry for this in the card’s memory.
For Windows application login details, you use the learning and macro-recording tools. We pointed a browser at our secure FTP server and, when the logon screen appeared, we started the learning process from the System Tray icon: you drag a crosshair onto the logon window, start the recorder and then enter your details. A new entry is automatically created on the card and, whenever the application is loaded, the logon details will be entered once you’ve provided your PIN.
Muddled documentation aside, the Digipass is a smart solution for applying two-factor authentication and SSO functions in a single package. It’s easy to use and, since all the authentication details are securely stored on the cards, you can take them with you and use them on any Digipass-enabled system.
Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.
Comments are closed.