One-time-password token generating dongle

I'm looking for a company that supplies "one time password" security token generating equipment.

For example - a small keychain device which generates a one-time token when you push a button.

The idea is that the token can be used for two-factor authentication of a user.

I know how to Google - there are many companies out there that provide this:

Yubico (Dongle)-
Gooze (Dongle) -
Enix (Dongle) -
Authentify (SMS)-
.... dozens of others

Some of them deliver the token via a little LCD screen. Others use RFID or USB to talk to software on the computer directly. Some use SMS / text message or a voice call. Some are biometric, and there are lots of clever designs out there.

So what I'm looking for from the Experts here is for somebody who has actually USED these services directly and can tell me about their experience with that particular provider. How exactly does it work? Is it reliable? Affordable?

Also, who are the major players in this particular field? Are there any large companies that stick out above the rest?

edster9999 commented:
Generally expensive.  
You are not paying for the plastic with the little chip inside and a screen.  If you were you would be paying $1.
Instead you pay for the software, the encryption underlying it and probably the name on the case - making them more like $100.

They work.  They allow you to log in and authenticate and even if someone glances over the shoulder while it is logging in they cannot steal the login as it has then expired.

Is it total security?  No.  If someone steals the keyfob and threatens the member of staff - there is a good chance they will reveal their pin (normally a 4 digit pin that goes with the number on the screen for double security).
I have even had these returned to me when someone leaves with their pin taped to the back on the unit    :S

They do have a tendency to drift off if they are not used for a few months and then an admin must resync them (normally by entering the code and the next code so the server knows where you are in the sequence).  This could be an issue if they are only used in emergencies or when people travel if it is not that common.

You have to weigh up the cost of them compared to using something like OpenVPN and having passwords or key files and teaching your staff to be careful with them.
Dave Howe (Software and Hardware Engineer) commented:
We went with, having previously used vasco and rsa tokens. This is a fully hosted solution (so you lose control over the process, this can be an issue!) but there is a wide range of mobile phone based "apps" to generate the tokens, plus we could import our "legacy" tokens (vasco in this case, the rsa ones expired) to let us retain the benefit of our investment in those.
Rich Rumble (Security Samurai) commented:
I've used hard and soft tokens from SafeNet/RSA/Symantec and Yubico. Two factor is nice on paper, but once you are authenticated, unless you have further controls, there is nothing at the NETWORK level that benefits from 2-factor. Meaning, your users get VPN'd in to your network, they use 2 factor correctly and the tunnel is established. The user gets infected or is already, perhaps hacked already, now that the user is on your network, so is the attacker. If the attacker tried to \\ip.ip.ip.ip to the resources on your LAN from one of your user's computers, there is nothing stopping them, they will be able to as long as the user's account is able to. They don't need to keylog, or steal creds, if the user ran something they shouldn't have, the attacker is now the user.
2Factor protects LOGINs, interactive logins like your standard Windows sign in, or Citrix login. There is nothing at the network level. 2-Factor may be a requirement of PCI/DSS but it doesn't really do anything to add further protection aside from the initial LOGIN to the network.
Soft-tokens are much easier to deal with, having people place them on their phones is pretty convenient and makes the logistics of issuing and token reclamation soooo much easier. Hard-Tokens (dongles) are a nightmare no matter whose you use, you have to ship them to users or offices for distribution, and you want to get them back because they cost a lot of money. Soft-Tokens are much better logistically, but they cost the exact same as the Hard-Tokens, because NO ONE would buy hard if soft was cheaper.
If you have a requirement you have to meet, like the one for VPN'ing into a PCI/DSS network, then try other compensating controls. I'm not impressed with 2-factor in the slightest. It only offers some additional assurance against account sharing and even then it's not really that much, see here:
The Yubico tokens, there are several, are different than any others and can be used in different situations than most of the LCD based ones.