There’s a common theme to the recent security breaches at Target, Home Depot, eBay, and Sony: each originated as a compromised employee or partner identity. The simple act of clicking on a phishing email led to the loss of a user ID and password, and from there the hackers got access to the PC’s operating system. Soon they controlled the corporate network, distributing more malware across critical... servers. This nightmare scenario is repeated far too often, but help is on the way.
One popular solution to better safeguard employee and partner access is to use one-time-password (OTP) to augment traditional credentials. Unfortunately, traditional discrete hardware OTP tokens cause added friction to the user experience of logging in, and hardware tokens are cumbersome or easily lost, and are notorious for generating costly help desk calls. They increase security, but at a cost.