One-time-password token generating dongle

Posted on 2013-05-13
Last Modified: 2013-05-29
I'm looking for a company that supplies "one time password" security token generating equipment.

For example - a small keychain device which generates a one-time token when you push a button.

The idea is that the token can be used for two-factor authentication of a user.

I know how to Google - there are many companies out there that provide this:

Yubico (Dongle)
Gooze (Dongle)
Enix (Dongle)
Authentify (SMS)
... dozens of others

Some of them deliver the token via a little LCD screen. Others use RFID or USB to talk to software on the computer directly. Some use SMS / text message or a voice call. Some are biometric, and there are lots of clever designs out there.

So what I'm looking for from the Experts here is for somebody who has actually USED these services directly and can tell me about their experience with that particular provider. How exactly does it work? Is it reliable? Affordable?

Also, who are the major players in this particular field? Are there any large companies that stick out above the rest?
Question by:Frosty555

Accepted Solution

edster9999 earned 250 total points
ID: 39163206
Generally expensive.  
You are not paying for the plastic with the little chip inside and a screen.  If you were you would be paying $1.
Instead you pay for the software, the encryption underlying it and probably the name on the case - making them more like $100.

They work.  They allow you to login and authenticate and even if someone glances over the shoulder while it is logging in they cannot steal the login as it has then expired.

Is it total security?  No.  If someone steals the keyfob and threatens the member of staff - there is a good chance they will reveal their pin (normally a 4 digit pin that goes with the number on the screen for double security).
I have even had these returned to me when someone leaves with their pin taped to the back of the unit :S

They do have a tendency to drift off if they are not used for a few months and then an admin must resync them (normally by entering the code and the next code so the server knows where you are in the sequence).  This could be an issue if they are only used in emergencies or when people travel if it is not that common.

You have to weigh up the cost of them compared to using something like OpenVPN and having passwords or key files and teaching your staff to be careful with them.

Expert Comment

by:Dave Howe
ID: 39164044
We went with, having previously used Vasco and RSA tokens. This is a fully hosted solution (so you lose control over the process, this can be an issue!) but there is a wide range of mobile phone based "apps" to generate the tokens, plus we could import our "legacy" tokens (Vasco in this case, the RSA ones expired) to let us retain the benefit of our investment in those.

Assisted Solution

by:Rich Rumble
Rich Rumble earned 250 total points
ID: 39190825
I've used hard and soft tokens from SafeNet/RSA/Symantec and Yubico. Two factor is nice on paper, but once you are authenticated, unless you have further controls, there is nothing at the NETWORK level that benefits from 2-factor. Meaning, your users get VPN'd in to your network, they use 2 factor correctly and the tunnel is established. The user gets infected or is already, perhaps hacked already, now that the user is on your network, so is the attacker. If the attacker tried to \\ip.ip.ip.ip to the resources on your LAN from one of your users' computers, there is nothing stopping them, they will be able to as long as the user's account is able to. They don't need to keylog, or steal creds, if the user ran something they shouldn't have, the attacker is now the user.
2Factor protects LOGINs, interactive logins like your standard Windows sign in, or Citrix login. There is nothing at the network level. 2-Factor may be a requirement of PCI/DSS but it doesn't really do anything to add further protection aside from the initial LOGIN to the network.
Soft-tokens are much easier to deal with, having people place them on their phones is pretty convenient and makes the logistics of issuing and token reclamation soooo much easier. Hard-Tokens (dongles) are a nightmare no matter whose you use, you have to ship them to users or offices for distribution, and you want to get them back because they cost a lot of money. Soft-Tokens are much better logistically, but they cost the exact same as the Hard-Tokens, because NO ONE would buy hard if soft was cheaper.
If you have a requirement you have to meet, like the one for VPN'ing into a PCI/DSS network, then try other compensating controls. I'm not impressed with 2-factor in the slightest. It only offers some additional assurance against account sharing and even then it's not really that much, see here:
The Yubico tokens, there are several, are different than any others and can be used in different situations than most of the LCD based ones.
