BioPassword Readies For Battle With Token Vendors

With Monday's release of BioPassword Enterprise 3.0, Issaquah, Wash.-based BioPassword adds tighter security, thin-client support and integration with the Citrix Access Gateway VPN and Microsoft Outlook Web Access. On the strength of the new features, BioPassword is positioning Enterprise 3.0 as a cheaper and more effective alternative to hardware-based two-factor authentication, according to CEO Mark Upson.

"There's no need to have hardware tokens for authentication because software can handle the task," Upson said. "This will be the breakout year for software-based multifactor authentication."

By supporting the Citrix Access Gateway, BioPassword now offers software-based authentication support for any Citrix environment, Upson said, adding that BioPassword eventually plans to support VPNs from all major vendors.

BioPassword's breadth of coverage gives organizations a way to implement one multifactor solution for use inside the network and for remote access, Upson said.

"Securing Outlook Web Access has been difficult because of the lack of integration hooks, and Enterprise 3.0 allows you to put a second factor of authentication on users coming in remotely," he said.

BioPassword Enterprise 3.0 is cheaper than hardware-based two-factor solutions and is easier to install, which means more services dollars for BioPassword's channel partners, expected to number more than 300 by the year's end, according to Upson.

Neil Issa, CEO at Catalyst Technology Group, an Indianapolis-based solution provider that works with financial institutions, said companies like BioPassword's ability to help them meet regulatory compliance directives from organizations such as the Federal Financial Institutions Examination Council (FFIEC).

"Outlook Web Access support is something that all of our clients are asking for, and the challenge/response architecture is also a solid security feature," Issa said.

Software-based authentication also works well with thin-client offerings from vendors such as Wyse and Neoware, enabling companies to virtualize their data centers and put low-cost terminals on the desktop, Upson said.

BioPassword Enterprise 3.0 also brings a knowledge-based security component that captures a series of "challenge questions" when the users enrolls and stores them in Active Directory. If users' typing patterns don't match their normal pattern, the software will flag the users and deny access until they answer the challenge questions, which strengthens the security of the environment, according to Upson.