Both RSA and VIP have hard tokens and soft tokens.

The difference is that RSA assigns tokens to the company that purchases them. (You get a list of serial numbers to import to your local or hosted RSA server.)

VIP is a hosted service only. A single VIP token (designed to be a soft token, but a hard token can be purchased) is assigned to the person/device by Symantec. The software can be installed; it then negotiates the "Credential ID" (aka serial number) with the hosted service when first run. There is no way to enter your own ID. Any company that subscribes to the VIP service can validate ANY token.

I can take my VIP token (on my smartphone) that I used for my company VPN access and install its Credential ID into my eTrade account and turn on 2 factor for that.

The idea with VIP is closer to a federated login. But the VIP hosted service does not have any login information. It just validates that the code presented to it matches the Credential ID that is presented in the same request. So any service that uses VIP as a second authentication method must provide its own login account to itself.

The downside (and I have had to do this) is that if you have to hard reset your device (whatever you have the soft token on), you have to go through all your accounts that use the token and work with the password recovery to clear the old token ID and install the new one.

--
Mr. Flibble
King of the Potato People
_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
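
The split described in the message above (a hosted validator that only matches a code to a Credential ID, subscribers that keep their own logins, and per-account rebinding after a device reset), modelled as an added example that is not part of the original post and not Symantec's API. All class and method names are hypothetical, and RFC 4226 HOTP is assumed as a stand-in for the token's code algorithm.

```python
import hashlib, hmac, secrets, struct

def hotp(secret, counter, digits=6):
    # RFC 4226 HOTP: a stand-in for the token's code algorithm (assumption)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    num = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(num % 10 ** digits).zfill(digits)

class Token:
    # Soft token on a device: holds the secret negotiated at first run
    def __init__(self, cred_id, secret):
        self.cred_id, self._secret, self._counter = cred_id, secret, 0
    def next_code(self):
        code = hotp(self._secret, self._counter)
        self._counter += 1
        return code

class HostedValidator:
    # Knows credential IDs and secrets only; holds no usernames or passwords
    def __init__(self):
        self._creds = {}  # cred_id -> [secret, next expected counter]
    def provision(self):
        # The service picks the ID; the device cannot supply its own
        cred_id, secret = "DEMO" + secrets.token_hex(4).upper(), secrets.token_bytes(20)
        self._creds[cred_id] = [secret, 0]
        return Token(cred_id, secret)
    def validate(self, cred_id, code):
        entry = self._creds.get(cred_id)
        if entry is None or not hmac.compare_digest(hotp(*entry), code):
            return False
        entry[1] += 1  # a used code cannot be replayed
        return True

class RelyingParty:
    # A subscriber (VPN, brokerage): owns the login and the user -> credential ID binding
    def __init__(self, validator):
        self.validator, self._accounts = validator, {}
    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    def enroll(self, user, password, cred_id):
        salt = secrets.token_bytes(16)
        self._accounts[user] = [salt, self._hash(password, salt), cred_id]
    def rebind(self, user, cred_id):
        self._accounts[user][2] = cred_id  # recovery flow after a device reset
    def login(self, user, password, code):
        acct = self._accounts.get(user)
        if acct is None or not hmac.compare_digest(acct[1], self._hash(password, acct[0])):
            return False
        return self.validator.validate(acct[2], code)
```

The model has no look-ahead window, so a code that is generated but never validated leaves the token and the validator out of step.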
