Become a VIP for free (and get secure on the web)
A little while ago I put out a plea for stronger authentication for Google Apps, and it seems that my wish has been granted with Tricipher launching their myOneLogin for Google Apps. I had tried myOneLogin before, and frankly wasn’t too impressed. This time things are different though, the issues I’d seen before with Chrome compatibility and general fiddlyness seem to have been fixed, but best of all is the use of a proper strong (soft) token, in the shape of VeriSign VIP Access for Mobile.
I first came across VIP when I saw the news that Verisign and PayPal had teamed up to do a deal on tokens. I wanted one, even if it was going to cost a few quid, but they were initially only available in the US, and I heard nothing more about them. Did the marketing guys lose interest, or did the phishing problem go away, or did something else come along? It turns out that eBay/PayPal will sell you a VIP hard token (a device with a button on it to generate one time passkeys [OTPs]) for $5/£3, but why bother when you can use a free mobile token on your BlackBerry/iPhone/whatever? The soft tokens can be used in a variety of other places, which begs the question of why other sites aren’t jumping on the bandwagon, and why nobody seems to be pushing this? Part of the answer might be the funding model; I’m not sure how Verisign are getting paid for this stuff, but I’m sure they’re not running their service as a charity for the web.
 Premier Edition only, as it needs SAML support
Filed under: identity, security | 2 Comments
Tags: authentication, google, identity, saas, security, strong authentication, tricipher, verisign, vip