Extra tokens are convenient

A couple weeks ago we announced a new feature that allows users to link multiple tokens to a single TrustBearer OpenID account. The original reason for doing this was to allow users to link a backup token to their account in case their primary token was lost.

I found another purpose for linking multiple tokens: convenience. I keep a keyboard with a few USB ports at the office. Every day I plug this keyboard into my laptop. I linked an additional token to my TrustBearer OpenID account and I keep this token plugged into my keyboard. Now, whenever I’m in the office I don’t need to go searching for my keys to log into an OpenID website.

Hardware that is built into our computers is much more convenient to use. I’m sure that Apple has increased video chatting with iSight cameras now included with every laptop they sell. For a while, Dell has been including smart card readers in their business-class laptops. Many IBM & Lenovo ThinkPad laptops include a built-in biometric swipe sensor. Will we ever see a smart card reader in a MacBook? I doubt it. But that’s another conversation…

For those of you who have been issued a smart card, either from your company, government, or private institution, do you carry around a reader with you all the time? Has having the card convinced you to get a laptop with a built-in smart card reader? 

5 responses to “Extra tokens are convenient”

  1. I’m wondering why you are sticking with the physical token concept. Why not evolve strong authentication towards usage of physical devices already in the hands of consumers, such as a mobile phone?

  2. Word. Lots of benefits. First, no need to distribute or manage physical tokens. Second, 2nd factor authentication could occur out of band, which could protect against lots of man in the middle and phishing. Are there any non-token TrustBearer services on tap?

  3. We are considering a few alternative tokens from the traditional ones that we’ve supported in the past. This includes mobile phones and soft tokens. One of the challenges in the mobile phone space is a standard for communication between the host computer and the mobile phone, but we’re getting there.

  4. Thanks Brian, I’ve looked at a variety of these (e.g. PhoneFactor). Seems like (though I don’t fully understand this stuff) they focus on placing a call rather than establishing some sort of data session, which seems like it could be a common technical solution without regard for differences between telephone networks. Would love to stick with your stuff though…

  5. One big upside to the phonefactor-type solution is the Out of Band component. It would be great if your solution didn’t essentially translate the “what you have” into a “what you know” and then require the user to feed it into the browser, where phishing can occur.
