"Users need not remember complicated passwords"

RSA Security is all set to launch RSA SecurID token for Microsoft Windows. Sebastian Moore, vice president for Asia Pacific at RSA Security, spoke to Chitra Padmanabhan about various uses of the device which has a six-digit number that changes every 60 seconds

* What does the RSA SecurID for Microsoft Windows solution do?

The RSA SecurID token is a two-factor authentication device that helps users log into Microsoft Windows instead of using a single static password. End users who log into Windows carry a RSA SecurID token that has a six-digit number displayed on it that changes every 60 seconds. Because of this the user does not need to remember the password but simply keys in the number that is displayed on the RSA token. Once the user responds, the Windows operating system takes the information and authenticates the user before granting access. The combined userID and the displayed password is passed on to the RSA ACE/Server software, which confirms that users have presented the proper code before granting or denying access to the Windows desktop or domain. The solution also provides a centralised audit trail in RSA/ACE server software of all end user authentication into Windows.

* For which other products does RSA SecurID work?

Companies that have already chosen RSA SecurID are allowed to expand the use of existing infrastructure in which they have invested. The tokens that are specifically purchased for the Microsoft Windows environment also work with other RSA SecurID Ready products, including those that protect network access via VPN, Web, wireless and traditional dial-up methods. There are over 270 products from over 185 vendors.

* Considering that password-based security is cumbersome, can the token help in eliminating this weakness? In what way does the token help do away with the drawbacks of using a password?

Gartner estimates that more than 70 percent of unauthorised access to information systems is committed by employees, and more than 95 percent of intrusions result in significant losses. Secondly, passwords are often shared and written down. They are easily guessed or cracked. This solution can help IT departments address the problem by putting in complex passwords and carrying out frequent password changes. Additionally, the solution allows users to authenticate the same way whether online or offline, locally to the domain or to a terminal server. Users need not remember complicated passwords and keep track of frequent password changes.

* What is the potential market for the RSA SecurID for Microsoft Windows solution?

There are an estimated 285 million Windows desktop users worldwide. Of these, only 12 million, which is less that five percent, use RSA SecurID, primarily for remote access. It is further estimated that even within companies which have invested in RSA SecurID authentication, the solution is used by only one in five potential users; the remainder use passwords. Therefore, within the current RSA SecurID base alone, there are 48 million Windows desktop users who are yet to use RSA SecurID. We are all set to launch this solution in India by September, and are expecting a healthy response from BPO companies, the banking, financial services and insurance space, and telecom companies.