Re: Entrust - Identity Guard - Any experience?

[Ned Fleming <ned () kaw us>]

On Sun, 21 Aug 2005 07:48:47 -0700, Saqib Ali <docbook.xml () gmail com>
wrote:

> > Two-factor means, to many of us, that there is something in addition to
> > something-you-know. A hardware token, a printed OTP list, biometric, or a
> > secured terminal with unique identifying keys/tools.
>
> The problem with a Printed List of OTPs and Entrust Identity Guard is
> that they give false sense of security in case they are stolen and
> duplicated. Someone can easily duplicate these without the knowledge
> of the owner. 

Not really. The card is something a person carries around. Besides the
cards can be made to be difficult to photocopy. And if stolen, they
can be treated the same as a stolen token: invalidated and a new one
generated as easy as kiss my hand.

And the owner still thinks that he/she is the sole owner
> of Entrust Identity Guard. Whereas a hardware token (e.g. RSA
> SecureID) is a lot harder to duplicate. It might be easy to steal a
> hardware token, but NOT without the knowledge of the owner. Once the
> owner find out that the hardware token is stolen, he/she can get it
> de-activated.

I like the Entrust thingamabob. Think Pareto's Law: It gives 80
percent of the functionality of a secure token for 20 percent of the
cost. (Actually, I think it gives 96 percent of the functionality of a
secure token for 20 percent of the cost -- Pareto squared.)

Ned