I haven't used those two specific products but I'm in favor of whatever system requires people to NOT carry yet another device. That is, the VIP solution with the phone app.
Security and convenience are often at odds with each other. We, sysadmins, often want the absolutely most cryptographically secure thing in the land (closed device). However the phone app may be slightly less secure (do you really trust a phone not to be hacked?) but the fact that people always have it with them more than exceeds the loss of security. There is a big difference between 97% secure with a device that people like and 99% secure with a device people hate, forget to bring to work, lose, etc. That extra 1% is not worth it.* If you are currently at security level "suck" and you have to choose between "awesome + users like it" and "awesomer + users hate it", either one puts you in a better position than you were before. Tom * For most enterprises. Obviously YMMV. _______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
