VeriSign’s Security Card Keeps Accounts Safe

Much of our digital information is stored and accessed through online accounts, most of which only offer a standard username and password authentication process. While this single factor authentication is sufficient for most cases, two-factor authentication offers enhanced security. But before I go any further, lets make clear what single-factor and two-factor authentication actually are.

In order to authenticate who you are online, you need to demonstrate one or more of the following factors:

  • “Something you know”, such as a password or PIN.
  • “Something you have”, such as a mobile phone, credit card or hardware security token.
  • “Something you are”, such as a fingerprint, a retinal scan, or other biometric.

Most online systems require only something you know, usually a username and password combination. The weakness of this system is the password because if it is too short or easily guessable then an attacker can brute force, or systematically guess every possible combination, until they have access and compromise your account. A password that is too long and convoluted can be a burden to remember though harder to guess by a third party. Adding another authentication factor will greatly increase your security as well as making the login process less cumbersome.

This is where VeriSign comes in. They have developed an identity protection service that gives you access to a random, one-time use password that piggybacks on your existing username and password credentials. The device used to deliver the 6-digit code is the size of a credit card and easily fits into a wallet. With the press of a button, a new set of numbers will be generated for you to authenticate with when logging in to protected sites.

VeriSign Identity Protection Card

The system isn’t perfect as the card costs $54 and only works with members of the VeriSign Identity Protection Network. Right now that network includes eBay, Paypal, and VeriSigns own OpenID service. Keep in mind this is still in testing mode. With online identity protection becoming a bigger issue, I can see this growing and including more members in the near future.

Some sites that I would really like to see participating in this program would be Amazon.com, GMail, and my bank USAA.com. If I relied more heavily on PayPal and eBay for my income I would definitely sign up, but for now I will sit out and wait for more sites to join before plunking down the $50.

For more information about two-factor authentication check out episode #94 of Steve Gibson’s Security Now Podcast.

One Response to “ VeriSign’s Security Card Keeps Accounts Safe ”

  1. Steve Gibson is a hysterical fearmonger with no real security credentials.

    Reply

Leave a Comment of Your Own