The Digipass pack product from Vasco is perhaps less of a product in the accepted sense and more of a security philosophy – the philosophy in question being that of dynamic, one-time password creation using portable tokens.
The tokens supplied for review were the Digipass GO1 variety, a read-only token from which the user simply reads the one-time password when required (there are other types of tokens which allow for direct user input as part of the password-generation process).
These tokens are attractively finished and feature a pull-out section which, when activated, displays the six-digit password number that stays visible on the small LCD for about 15 seconds. The tokens come supplied with a holder to be worn "around the neck," making them easy to carry at all times. They are battery powered and should remain active for roughly five years.
From the user perspective, this is a straightforward methodology, undertaken via the robust, attractive and easily carried Digipass token. There is more to it than this though and Vasco has considered a number of approaches to implementation, supplying various flavors of the Vacman Radius middleware software.
Comprehensive implementation guidelines are provided for a number of gateway and server products and should help system administrators who want to quickly understand how to deploy such a product.
Indeed, the supplied CD is full of useful information, from white papers to original product leaflets.
Furthermore, Digipass products are supported by a wide range of technology suppliers and partners, ensuring a practical implementation in most cases, whatever your particular network architecture.
This is a serious product for those who are serious about security. For many, the question will be if they support the one-time dynamic password generation approach or whether they move towards tokens and/or biometrics. If the former is the case, then this is a product to investigate further.
Flexibility of implementation.
Not for the faint hearted.
A potentially comprehensive product using dynamic passwords.