February 23, 2005 4:00 AM PST
Finding a replacement for passwords
RSA technology--passing out a small number of the devices to customers for free. The company plans to decide later this quarter whether to expand beyond a few hundred early testers.
RSA said there are about a million consumers using its authentication technology, through a variety of pilot programs. Other companies that are eyeing the technology include financial institution Credit Suisse, Yahoo and Sony Online Entertainment.
Joffe said that Sony is "seriously considering" offering the RSA token to some of its customers. While game characters and points may not have the monetary value of a bank account, such identities are just as important to protect from online fraud.
"I wouldn't say (fraud is) a huge issue, but it's an issue," he said.
RSA's hope is that many companies will sign up for the program and that consumers would need only one token to manage a variety of accounts. Some businesses will give out the tokens free, while others may make customers foot part or all of the bill, the security provider believes.
Although the devices have the potential to help cut fraud, RSA Vice President Christopher Young said the company is selling consumers as much on peace of mind as on cost savings. He likens it to the alarm that guards his house.
"I haven't had anyone break into my home before," said Young, who until about two months ago was head of safety and security premium services at America Online. "It makes my wife feel more comfortable when I am traveling, and I travel a lot."
Tony Gentile, a San Jose, Calif.-based Web marketing consultant who runs a site called Buzzhit.com, said he would like to see a second method of authentication for many online activities, including banking, stock trading, Web-based health care and electronic voting.
But, he warns, any system is fraught with challenges. And he's not sure he or other consumers are ready to pay for it.
"The devil's in the details here," Gentile said. Tokens have a place, he said, but that place is not the same in each business. "What's appropriate for one type of business and usage pattern may be very different from another."
There is also the issue of convenience. While RSA's tokens are small enough to fit on a keychain, they are also easily lost. People might be amenable to carrying one token. Less appealing to people is the prospect of needing one device to verify themselves to a bank, then another for their stockbroker, and ending up with a bunch of tokens.
A solution would be for online service providers to agree on a single product or standard. For now, it's unclear whether companies will come to an agreement on this. RSA, for its part, said it will try and work not only with its devices, but also with similar devices from others.
End of the line?
Some analysts do see the password fading as the primary means of authentication, particularly for online banking.
In a December report, Gartner estimated that by the end of 2007, 60 percent to 75 percent of U.S. banks will use something stronger than a password, but stop short of giving out hardware tokens. Roughly 7 percent more will go as far as to hand out something like the RSA token, the research firm predicted.
Overseas, the overwhelming majority of banks will require something more than a simple password, with anywhere between one-third and one-half of banks requiring a hardware token, Gartner analysts said.
The bad news in the Gartner study is that by the time many of these new systems become common, the thieves will have also moved on. By the