Become a VIP for free (and get secure on the web)

06Oct09

A little while ago I put out a plea for stronger authentication for Google Apps, and it seems that my wish has been granted with Tricipher launching their myOneLogin for Google Apps[1]. I had tried myOneLogin before, and frankly wasn’t too impressed. This time things are different though, the issues I’d seen before with Chrome compatibility and general fiddlyness seem to have been fixed, but best of all is the use of a proper strong (soft) token, in the shape of VeriSign VIP Access for Mobile.

I first came across VIP when I saw the news that Verisign and PayPal had teamed up to do a deal on tokens. I wanted one, even if it was going to cost a few quid, but they were initially only available in the US, and I heard nothing more about them. Did the marketing guys lose interest, or did the phishing problem go away, or did something else come along? It turns out that eBay/PayPal will sell you a VIP hard token (a device with a button on it to generate one time passkeys [OTPs]) for $5/£3, but why bother when you can use a free mobile token on your BlackBerry/iPhone/whatever? The soft tokens can be used in a variety of other places, which begs the question of why other sites aren’t jumping on the bandwagon, and why nobody seems to be pushing this? Part of the answer might be the funding model; I’m not sure how Verisign are getting paid for this stuff, but I’m sure they’re not running their service as a charity for the web.

[1] Premier Edition only, as it needs SAML support



2 Responses to “Become a VIP for free (and get secure on the web)”

  1. 1 Joseph A'Deo

    “The soft tokens can be used in a variety of other places, which begs the question of why other sites aren’t jumping on the bandwagon, and why nobody seems to be pushing this?”

    I work for VeriSign and, speaking from behind the scenes, I have to agree. The VIP tokens are particularly relevant in light of the recent Hotmail & etc credential leak; if these sites allowed you to use two factor authentication to sign in these leaks would be useless. It’s great that google apps is finally providing this for enterprise customers, but as the webmaster of my own small site I’d like to see it implemented across the board.

    Have you received/tried the token out yet? Any thoughts?

  2. 2 Chris Swan

    I’ve not got a hard token, but I’ve used the BlackBerry soft token a few times for Google Apps in test mode (I still need to get the rest of the company up and running, and satisfy myself that offline works OK etc.). For eBay and PayPal I’m now fully cut across.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: