Unlike traditional banks mainly employs physical security device, which is also known as hard token
, and Short Message Service One-time Password (SMS OTP) as 2FA tools, GES use mobile application, which is also known as a soft token, as the security device which seamlessly combines the convenience of SMS OTP with the security of token technology.
Account registration is not required; users can authenticate with a Common Access Card (CAC) or Public Key Infrastructure (PKI) hard token
. Moderator-validated guest access is permitted.
"Without use of something like a hard token
, plus a password, it's virtually impossible to prevent some leakages."
They also contain a number of security features including 2-factor authentication with an optional Hard Token
in case of loss or theft and a Session Lock which prevents hackers taking control of the laptop and using the VPN tunnel to access the company's network.
We also liked the fact that the smart card solution required Jess interaction than a hard token
. When-you think about the safety of remote users who may be accessing their laptops in their cars, that' s a significant feature.
Since all these users have their own laptops, we didn't require the mobility of a hard token
. And beyond supporting X.509 digital certificates, the private/public key pair is generated on the card itself rather than on the PC for added security in case a laptop is stolen.
The revised rule (June 1, 2010) allows the use of a biometric as a substitute for a hard token
or a password.
The ultra-thin YubiKey has a rugged, waterproof, crush-resistant design, has no battery or synchronization requirements, and is designed to last far longer than typical hard token