RSA and VeriSign Partner on Cloud-Based OTP Service

http://www.rsa.com/press_release.aspx?id=10462

This is an interesting response to MultiFactor Corporation’s cloud solution.   Having RSA and VeriSign try to tweak and then reposition what many view as cumbersome, old, expensive technology as “cloud-based” is validation of SecureAuth and our vision.  However, the problem is that their joint solution delivers primarily on buzz words while keeping the hassles and challenges that users want to be free from.  SecureAuth was designed from its inception on modern web architecture to provide its customers true browser-based, strong, secure access without the cost and burden of special hardware or client software.   

According to the headline on the joint press release, the new arrangement “allows channel partners to offer users managed, shared authentication to access multiple Websites”.   It appears that you will need every user to own and carry an RSA SecurID token to access VeriSign VIP which then can be configured by their partners to let you into other “participating” websites.   What’s left out are enterprise applications and networks (VPNs).  Additionally, users still need to type in little numbers from a plastic token or fat mobile phone application every time they log-in.  

Quote from the release:  “The alliance of two powerhouses with the integration of RSA SecurID technology into VIP will strengthen their combined market leadership and work to increase the collective clout of both VeriSign and RSA”.   We hope to keep our customers happy with an innovative product and good service, rather than wielding clout.   Sounds like they want to keep customers locked into a lucrative, albeit dying, OTP cash cow business for both of them. 

If you are truly interested in a two factor authentication and identity solution that has been designed to meet enterprise cloud security needs, please allow MultiFactor to show you what our customers know:  There is a better alternative to RSA SecurID and VeriSign.  Of course, we also can offer the same, singular solution for secure websites, web applications, enterprise applications, identity management systems, IPSec VPNs and SSL VPNs.

In the next post we’ll explore how these dinosaurs are responding with their own SecurID token alternatives.   RSA calls it the “RSA Decision Tree”.  For those willing to give up more security and flexibility, they’ll go a bit easier on the price.