in Identity Management

Entrust IdentityGuard

Just found an interesting authentication solution:

“With Entrust IdentityGuard, users continue to employ their current user name and password, but are also provided with a second physical form of authentication based on an assortment of characters in a row/column format printed on a card. A user must successfully complete a coordinate challenge to demonstrate that they are in possession of the appropriate card.”

Entrust IdentityGuard

That doesn’t look bad – in comparison to all the other two factor schemes, this one is – I would imagine – reasonably cheap.

It also solves a lot of other issues with systems like RSA’s SecureID – distribution is much easier, loss or theft is less expensive, you can fax a replacement to some remote location.

A colleague just came up with a nice remark: he said that you should of course change the card often. My response: why not print a new one on your monthly salary report?

I like that.

Leave a Reply

  1. Barclays Spain’s Barclaysnet service has more or less had that since I started using it, oooh, three-four years ago. You only enter one co-ordinate, but it’s roughly the same thing. I have a nice plastic card sent to me through the post, and I also need ot know my ID Card number (not difficult to find out) as well as a 6-number passcode, which is private to myself. Not the most ideal of solutions but there you go.

    At one point, I did try to photocopy my card, as I thought it’d be nice to have a copy in my english wallet. The card has some stripes on it to help you distinguish the rows, so you dont’ get lost, it also has an interesting covering which makes black-and-white photocopiers unable to see the black letters over the dark green stripes, so it’s reasonably difficult to copy that way.

    I get asked for a co-ordinate, as well as my other identifying data whenever I log into the service, and just a co-ordinate whenever I ask for a transaction that debits money from my account to be made. I also get asked for co-ordinates when I’m using the telephone banking system, which uses the same card.

    All in all it seems to work quite well. I can see a number of flaws in its security model, but certainly not as many as I can with any of the other online banks (2) that I’ve used.

    A monthly card might be quite good, expect people will forget to put them in their wallets or whatever. That being said, my card hasn’t changed in a number of years. It’s about time I called for a new one.

    Also, it makes life slightly more difficult to scrape the web pages automatically, as a downside.

  2. Barclays Spain's Barclaysnet service has more or less had that since I started using it, oooh, three-four years ago. You only enter one co-ordinate, but it's roughly the same thing. I have a nice plastic card sent to me through the post, and I also need ot know my ID Card number (not difficult to find out) as well as a 6-number passcode, which is private to myself. Not the most ideal of solutions but there you go.

    At one point, I did try to photocopy my card, as I thought it'd be nice to have a copy in my english wallet. The card has some stripes on it to help you distinguish the rows, so you dont' get lost, it also has an interesting covering which makes black-and-white photocopiers unable to see the black letters over the dark green stripes, so it's reasonably difficult to copy that way.

    I get asked for a co-ordinate, as well as my other identifying data whenever I log into the service, and just a co-ordinate whenever I ask for a transaction that debits money from my account to be made. I also get asked for co-ordinates when I'm using the telephone banking system, which uses the same card.

    All in all it seems to work quite well. I can see a number of flaws in its security model, but certainly not as many as I can with any of the other online banks (2) that I've used.

    A monthly card might be quite good, expect people will forget to put them in their wallets or whatever. That being said, my card hasn't changed in a number of years. It's about time I called for a new one.

    Also, it makes life slightly more difficult to scrape the web pages automatically, as a downside.