Channel Abuzz Over Next-Gen Tokens

With new form factors, hideaway LCD screens and ground-breaking multifactor authentication, the new-style keys are smaller, more sophisticated and more secure than any of their predecessors. What's more, the new devices boast extra features, lower prices and higher margins, bonuses that have solution providers scrambling to get in on the technology and start scoring sales.

"The interest level [in multifactor USB authentication keys] is high," said Paul Kunze, director of sales at Intrasystems, a security VAR in Randolph, Mass. "Customers are looking for safer and more efficient ways to replace the unsecured password-only model."

At the forefront of these improvements are the new A-Key v3 Token from Authenex, Hayward, Calif; the ActivCard Token from ActivCard, Fremont, Calif. and the eToken NG with One-Time Password (OTP) from Aladdin Knowledge Systems, Arlington Heights, Ill.

Instead of relying solely on physical security, these new devices combine physical security as a primary authentication method with a secondary method that generates an OTP and incorporates PKI functionality to create digital certificates. The result is security that goes beyond the traditional key fob.

The new devices all boast tiny LCD displays that reveal a user's OTP. To login, users insert the token into a USB port and press a button on the token for an authentication password. The user then must input that password sequence into a separate authentication screen on the computer to receive access to the VPN.

Solution providers, such as Frank Darden, CTO of Mission Critical Systems, a Fort Lauderdale, Fla.-based reseller in Aladdin's channel program, say the extra security offers exactly the kind of secondary precautions that his customers need.

"The real attraction for people is that they don't need any sort of hardware to store their authentication credentials," Darden said. "The convenience of giving users digital certificates on a hardware device where they're not going to lose them is a great thing."

Barbara Oliverio, CEO of Alternative Technology, an ActivCard partner in Denver, said that price points around $15 each in a historically expensive marketplace could enable these devices to revolutionize the authentication market forever.

"Businesses can no longer afford to control user access to logical systems with single-factor authentication," Oliverio said. "While passwords are cheap and easy to create, users are too lazy to remember multiple passwords based on best practices %85 and need a second form of authentication."

Not every solution providers, however, think they can make much money off the new tools.

"Authentication tokens are an excellent source of add-on business, but they're not that big of a value-add to the customer," said Wally Cannon, practice area director at UDTprotia, a security reseller in Miami, Fla. "The technology doesn't really enable us to add a lot of services,as such, it's hard to make money [off them]."

For better or for worse, USB authentication keys are here to stay. A recent report from high-tech market-research firm In-Stat/MDR stated that the total market for USB-enabled devices will experience 18.3 percent annual growth between 2003 and 2008, making them even more commonplace in the months and years ahead.

Even RSA, the Bedford, Mass.-based hardware vendor that pioneered authentication keys in the late 1990s, said it plans to add OTP functionality and LCD displays to its SecurID authentication token product.

With such a bright future, solution providers who haven't already jumped into the USB authentication market are making plans to do so.

"We currently do not sell these kinds of things but are highly interested in them," said Scott Urbatsch, CEO of Polar Systems, Portland, Ore. "Within a year, most of our clients will be asking about some type of two-factor authentication, and we will be ready."