[shsmcn78]

What is this and what does it do?

[Berryman]

A security token (sometimes called an authentication token) is a small hardware device that the owner carries to authorize access to a network service. The device may be in the form of a smart card or may be embedded in a commonly used object such as a key fob. A leading vendor of this technology, RSA also sells this solution to run on a Blackberry using soft tokens.

Security tokens provide an extra level of assurance through a method known as two-factor
authentication: the user has a personal identification number (PIN), which authorizes them as the owner of that particular device; the device then displays a number which uniquely identifies the user to the service, allowing them to log in. The identification number for each user is changed frequently, usually every five minutes or so.

Unlike a password, a security token is a physical object. A key fob, for example, is practical and easy to carry, and thus, easy for the user to protect. Even if the key fob falls into the wrong hands, however, it can't be used to gain access because the PIN (which only the rightful user knows) is also needed.

[gregory_opera]

FYI, tokens in almost all their forms offer ridiciously high-levels of security and have their roots in the Corporate world, Governments of the world, a growing number of small businesses and major banks...

eBay and PayPal have also recently started (optionally) offering tokens to their customers in most countries, for increased security.


Bear in mind though, that to implement such security on a PERSONAL BlackBerry device would be a costly exercise, so unless you are particularly concerned about security, you're an Administrator and/or you have too much money to play with, don't bother.

Posted from my CrackBerry at wapforums.crackberry.com

[PaulCh]

I am an admin for a medium size company and am getting an import failed error when trying to load the .sdtid file for the software token onto Blackberries with os 4.3 or newer. Any suggestions? RSA has been no help

[BBIronMan]

How many did you try this on? I pulled it down from RSA SecurID Token for BlackBerry and installed without issue on two 4.3 devices (8830 and 8330).

Any more specifics about the devices or method of load.

BTW, other two-factor or single use systems are available from Secure Computing (MobilePass software authenticator: Secure Computing) and Wikid (WiKID Commercial Open Source Two-Factor Authentication — WiKID Strong Authentication).

[nowen]

As a newbie to this forum I can't post links, but we do have a jad file for the WiKID blackberry software token that can be found on our downloads page at wikidsystems.com/downloads. We like to keep things simple - we also have all of our pricing and purchasing online.

While two-factor authentication is typically is for corporations, we also offer a home license starting at $10/year - pay what you want.

HTH,

Nick

--
Nick Owen
WiKID Systems, Inc.
404-962-8983 (desk)
Commercial/Open-source Two-Factor Authentication

[my_2_cents]

one question...I have to use a software token at work, currently a usb key style. I'm wondering if the BB software token works over bluetooth, or requires a plug in. Bluetooth isn't generally considered high enough security that I would see it being trusted this way, but having to plug and unplug the phone constantly would cause untold hardware problems with the phone, and of course inconvenience when trying to use the phone while it is plugged in to the computer.

Bluetooth would be an excellent idea. You wear the phone on your hip, and when you are close enough to the computer it allows access (with the password of course) It seems like a very user friendly system if the bluetooth is secure enough.