VeriSign Inc.'s recent push to turn more mobile devices into passcode-generating tokens may make the security system more palatable to banks.
One-time passcode tokens generate a string of numbers that quickly expire, making them of little use to hackers who manage to obtain them. The format is generally considered more secure than static passwords and is widely used by banks for employee access to some systems or to secure some customer accounts.
VeriSign's newest approach is to turn smart phones and other portable devices into tokens, eliminating the need for banks to issue token-generating hardware.
"The No. 1 reason we're doing this is that asking users to carry stand-alone devices is difficult, it's expensive," Kerry Loftus, the vice president of user authentication at VeriSign, said Thursday.
Companies that use hardware tokens must also deal with the cost of distributing them and replacing them when their batteries die. Removing that issue means "we've taken out the lion's share of the costs," she said.
VeriSign said that it has extended its token system to work with more models of Research In Motion Ltd.'s BlackBerry devices, the Apple Inc. iPod Touch and devices running Microsoft Corp.'s Windows Mobile platform.
Avivah Litan, a vice president and distinguished analyst at the market research company Gartner Inc., said that VeriSign's push is meaningful.
Adding token capability to these devices "wasn't a trivial job," she said.
This may not spur more banks to offer tokens, but should appeal to those that already do.
As "tokens start aging," she said, banks now "have a choice of not issuing new ones."
