funsec mailing list archives
VeriSign to Form Security Network Driven by Devices
From: "Richard M. Smith" <rms () bsf-llc com>
Date: Mon, 13 Feb 2006 08:24:52 -0500
http://online.wsj.com/article/SB113980779503272313.html?mod=technology_main_ whats_news VeriSign to Form Security Network Driven by Devices By RIVA RICHMOND February 13, 2006; Page B6 VeriSign <http://online.wsj.com/quotes/main.html?type=djn&symbol=vrsn> Inc. plans to create a common system that will allow multiple companies to provide secure access to online accounts with pocket-sized security devices, rather than relying on passwords alone. The Mountain View, Calif., company said it has lined up eBay <http://online.wsj.com/quotes/main.html?type=djn&symbol=ebay> Inc. and Yahoo <http://online.wsj.com/quotes/main.html?type=djn&symbol=yhoo> Inc. as initial partners in the so-called VeriSign Identity Protection, or VIP, network, which is slated to be formally announced today. Under the plan, VeriSign and certain partners, including eBay's PayPal unit, will sell or give away the devices to consumers. Other partners, such as Yahoo, won't issue hardware themselves but will allow customers to use a single device when logging onto multiple online accounts, VeriSign said. VeriSign hopes to attract numerous banks, brokerages and e-commerce sites to the network in one of these roles, creating a shared system akin to ATM networks to offer fraud-wary consumers greater security, while keeping a lid on costs for participating companies. The initiative could be a boon for VeriSign, by opening up a much bigger market for its user-authentication business. EBay plans to issue VeriSign gadgets known as "tokens" that display a passcode that changes regularly and can be attached to a key chain. Other partners may issue tokens or other devices, such as memory sticks that plug into computer USB ports and can input passcodes. They may also choose to send one-time passcodes to customers on devices they already carry, such as cellphones. For consumers, the system could help make "security a part of your Web lifestyle," says Nico Popp, vice president of VeriSign's authentication-services group. VeriSign plans to sell devices usable on the network directly to consumers via a Web portal it expects to launch in the next three months. Also, SanDisk <http://online.wsj.com/quotes/main.html?type=djn&symbol=sndk> Corp. has agreed to make its flash-memory drives, which are sold in retail stores, work as authentication devices on the network. The effort reflects the rising concern among consumers and companies about online fraud and identity theft. Passwords are often forgotten or stolen, sometimes through online information-theft schemes known as "phishing." Experts have long pushed for the tighter security offered by "second-factor" authentication, the kind used by ATM systems. The phrase refers to combining something users have with something they know, such as requiring a debit card and a PIN number. Many corporate employees use tokens to gain secure access to company networks when outside the office. "We think, overall, second-factor authentication will be a good tool for consumers to protect them from identity theft," an eBay spokeswoman said. VeriSign said Yahoo would allow consumers to use devices tied to the network to log into their Web accounts securely, but it wouldn't be distributing devices. A Yahoo spokeswoman confirmed those details of its participation. Write to Riva Richmond at riva.richmond () dowjones com
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- VeriSign to Form Security Network Driven by Devices Richard M. Smith (Feb 13)