The trick is that the one-time password is a combination of the user's PIN and the security string that the user must put together, making it quite difficult for anyone other than that particular user to create the password. It can be deployed to leverage the entire existing authentication infrastructure already in place that makes adding this unique strong authentication to the environment quite easy.
This product can be deployed as a physical or virtual appliance, or as software only installation. The virtual appliance is distributed in OVF format and is compatible with all virtual infrastructures, including VMware and Microsoft Virtual Server.
As for the initial setup of the appliance, we found getting it up and running in our test environment took only a few minutes. It is managed through a web-based management console called Webmin. We found the Webmin interface to be clean and organised, with an intuitive layout.
The Swivel Appliance offers a lot in the way of integration with the environment and applications. Administrators can easily add strong authentication to network infrastructure such as VPNs from Juniper Networks, Cisco, SonicWall and Check Point, amongst others, as well as web applications such as SharePoint, Outlook Web Access and Microsoft Terminal Services. Furthermore, it can manage cloud-based application authentication including Microsoft Office 365, Microsoft Azure, Google Apps and Salesforce.com. On the user side, users can get the security strings from SMS, phone or native apps for Apple iPhone, Google Android, RIM BlackBerry and Windows Mobile devices.
Documentation included a couple of user guides to help get the appliance up and running. Most of the manuals can be found in the knowledgebase on the Swivel website. While we found these to be easy-to-follow and to have many screenshots and step-by-step configuration examples, we would have liked to also see a formal user and administrator guide for offline access if necessary. We did find a help guide on the appliance itself but a full PDF is always preferred.
Swivel Secure offers both eight-hours-a-day/five-days-a-week and 24/7 technical support to customers as part of a support and maintenance agreement. Customers receive both phone and email-based technical assistance, as well as access to product updates, patches, bug fixes and upgrades. Customers can access new uses and features as they become available, including mobile clients, change PIN-type applications and new integration options. Also available to all customers is no cost access to an online knowledgebase.
At a price starting at around £2,275 for a standard hardware appliance (or £750 for a standard VM appliance) and ranging from £60.50 down to £0.83 per user, this product is not low cost but we do find it to be good value for money overall. Licences are perpetual, with an annual maintenance charge of 18 per cent. The Swivel PINsafe allows for fully integrated strong authentication that is easy for users to use but hard for somebody to compromise. On top of being easy to use, this product offers many integration options that can meet the needs of almost any enterprise easily without too much management overhead.
Solid authentication but a bit light on documentation and a little pricey