RSA fleshes out identity guards

Firm plans winter security releases

RSA Security advanced its plan to make strong encryption ubiquitous and passwords less burdensome with the announcement of a series of product updates during October's European conference in Vienna.

The company will, in November, release Sign-On Manager 4.5, bringing together two-factor authentication and enterprise single sign-on for Windows desktops. And if users forget or mislay primary authentication methods they may still access PCs by answering a series of administrator-controlled questions, which ensure that security is maintained.

RSA also said it would work with firms including Microsoft and Sun to let them provision identity access management systems. Microsoft will integrate RSA capabilities with its own Identity Integration Server while Sun will do likewise through its Java System Identity Manager. The other provisioning partners are Courion and M-Tech.

Meanwhile, the company’s consumer push will be helped next month with the release of Authentication Service, a way to access multiple web sites using a single security credential.

Although strong, multifactor authentication is still regarded by some as only appropriate for high-end tasks, RSA said successes elsewhere suggest that such protection should be used more broadly.

Italian bank UniCredita Banca is to issue its customers with tokens that generate a password every 60 seconds to protect transactions, for instance. RSA hopes that examples like this will help to restore trust in the internet.

“There’s a carrot and stick here,” said RSA marketing director Tim Pickard. “Banks want customers to move online but they have to present a security incentive.”

Speaking at the event, RSA chief executive Art Coviello called for flexible legislation and adherence to standards such as ISO 17799. “We’ve come so far, so fast,” he added. “It’s time to take back the internet and create a culture of trust.”