There are numerous security devices available which help organisations to keep their data secure using strong multi-factor authentication, which is much harder to crack than single factor authentication and doesn’t rely on one-time passwords or SMS messages which can be intercepted and hacked.
Importantly, devices that support PKI or FIDO, store a unique secret on each device which is never exposed outside of the secure hardware. This provides effective protection against phishing as the user cannot share authentication secrets either deliberately or accidently.
There are several vendors who provide Smart Cards, USB tokens and even mobile phones can be used for PKI or FIDO authentication.
Yubico’s Yubikey’s are well known in the USB secure token arena, as are Thales, but there are many makes and models to choose from depending on what you want the token to be able to do and your budget. Some tokens now have biometric capability, so scans your fingerprint when you access certain files or systems.
Again, there are numerous suppliers of Smart cards, G&D, Thales, Idemia, Cryptas, plus many more.
The advantage with these is you can brand them, add images of the owner, and load it with other information. As it is part of the authentication process, you still need to insert into the device and input a pin to get to the valuable data.
Virtual Smart Cards
Virtual Smart Cards (VSC’s) work in the same way as physical Smart Cards, but they are already built into your device. For example, Microsoft and Cryptas are key vendors for VSC’s.
Management of Devices
Managing 10 or 100 individuals who have been issued a device of some kind, whether a smart card, USB Token or even a smart phone is possible via a spreadsheet, but what if you have thousands of employees, who all need to be issued a device for them to access files, or systems?
Secure devices such as smart cards, USB tokens, virtual smart cards, smartphones, and tablets provide organisations with a convenient form factor to securely store and use digital identities, but to deploy certificates to devices at scale, organisations need an efficient way to issue them and manage their lifecycle.
An effective credential management solution needs to integrate with the systems an organisation already has in place such as directories, identity management solutions and mobile device management systems.
Just as important as being able to work with a wide range of systems and technologies is the need to deliver the desired credential issuance and management processes with minimal impact on the end users and operators of the solution.
MyID® is a feature-rich credential management system (CMS) that enables organisations to deploy digital identities to a wide range of secure devices simply, securely and at scale.
Unlike passwords, one-time passwords (OTP) or other forms of MFA, MyID credential management uses Cryptography-based credentials to strongly bind a digital identity to an individual, enabling organisations to take control of their user identities, providing optimum protection against the number one case of data breach – weak or compromised passwords.
We work seamlessly with smart card and USB token vendors to provide the credential management software to easily manage your digital identities.
For more information see MyID