VeriSign to Form Security Network Driven by Devices

["Richard M. Smith" <rms () bsf-llc com>]

http://online.wsj.com/article/SB113980779503272313.html?mod=technology_main_
whats_news
 

VeriSign to Form Security Network Driven by Devices

By RIVA RICHMOND
February 13, 2006; Page B6


VeriSign <http://online.wsj.com/quotes/main.html?type=djn&symbol=vrsn>  Inc.
plans to create a common system that will allow multiple companies to
provide secure access to online accounts with pocket-sized security devices,
rather than relying on passwords alone.

The Mountain View, Calif., company said it has lined up eBay
<http://online.wsj.com/quotes/main.html?type=djn&symbol=ebay>  Inc. and
Yahoo <http://online.wsj.com/quotes/main.html?type=djn&symbol=yhoo>  Inc. as
initial partners in the so-called VeriSign Identity Protection, or VIP,
network, which is slated to be formally announced today.

Under the plan, VeriSign and certain partners, including eBay's PayPal unit,
will sell or give away the devices to consumers. Other partners, such as
Yahoo, won't issue hardware themselves but will allow customers to use a
single device when logging onto multiple online accounts, VeriSign said.

VeriSign hopes to attract numerous banks, brokerages and e-commerce sites to
the network in one of these roles, creating a shared system akin to ATM
networks to offer fraud-wary consumers greater security, while keeping a lid
on costs for participating companies. The initiative could be a boon for
VeriSign, by opening up a much bigger market for its user-authentication
business.

EBay plans to issue VeriSign gadgets known as "tokens" that display a
passcode that changes regularly and can be attached to a key chain. Other
partners may issue tokens or other devices, such as memory sticks that plug
into computer USB ports and can input passcodes. They may also choose to
send one-time passcodes to customers on devices they already carry, such as
cellphones.

For consumers, the system could help make "security a part of your Web
lifestyle," says Nico Popp, vice president of VeriSign's
authentication-services group.

VeriSign plans to sell devices usable on the network directly to consumers
via a Web portal it expects to launch in the next three months. Also,
SanDisk  <http://online.wsj.com/quotes/main.html?type=djn&symbol=sndk> Corp.
has agreed to make its flash-memory drives, which are sold in retail stores,
work as authentication devices on the network.

The effort reflects the rising concern among consumers and companies about
online fraud and identity theft. Passwords are often forgotten or stolen,
sometimes through online information-theft schemes known as "phishing."

Experts have long pushed for the tighter security offered by "second-factor"
authentication, the kind used by ATM systems. The phrase refers to combining
something users have with something they know, such as requiring a debit
card and a PIN number. Many corporate employees use tokens to gain secure
access to company networks when outside the office.

"We think, overall, second-factor authentication will be a good tool for
consumers to protect them from identity theft," an eBay spokeswoman said.

VeriSign said Yahoo would allow consumers to use devices tied to the network
to log into their Web accounts securely, but it wouldn't be distributing
devices. A Yahoo spokeswoman confirmed those details of its participation.

Write to Riva Richmond at riva.richmond () dowjones com

 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.