Sep 24 2020

Review: RSA SecurID SID700 Helps Secure Remote Workers

This well-regarded token locks bad actors out of government networks with two-factor authentication.

One of the best ways to protect data for a telecommuting workforce is with two-factor authentication. That way, even if an employee’s password is compromised or stolen, attackers will not be able to access network resources because the second authentication factor will remain secure.

Two-factor authentication can be achieved in a variety of ways. The most common method is having an on-demand key texted to a smartphone. But that is limited in quite a few ways. For example, a user might not have a reliable cellular or wireless signal. Also, text messages sent over nonsecure channels are subject to interception and spying.

A Hardware Token Designed for Maximum Security

To create a more secure two-factor authentication process, RSA created the SecurID SID700 hardware token. This little device is shaped like a key and is designed to clip onto a standard key ring for easy transport. A little LCD screen on the front of the token generates a new six-digit key every 60 seconds.

SecurID employs an algorithm to generate the new keys. Each key has a unique serial number, and a pack of tokens comes with software that contains a unique seed for each unit. Administrators upload the seeds to the RSA authenticator and management server, and then assign each key to a user with Active Directory.

Users Get Details on How Long Keys Are Active  

Because the seeds feeding the algorithm on the server match the ones each individual token is using, the server knows exactly what number is displayed by the token without having to transmit any data. Users who want to log in to a protected resource go to the RSA login portal and enter their username, a PIN and a number displayed by their token at that time. If all matches, users are authenticated and allowed to proceed.

The token also displays how long the current key will be active with a series of dots on the left side of the screen, each dot representing 10 seconds. If there are only one or two dots left, users can wait for a new key before logging in so they don’t have to rush. This helps make the SecurID tokens easy both to use and to manage. 
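The matching-seed check described above, as an added example that is not RSA's code and not part of the review: the review does not describe RSA's algorithm, so HMAC-SHA1 with RFC 4226 truncation stands in for it, and the record layout, the dot rounding and the sample seed (the RFC 4226 test secret) are assumptions. The `disabled` and `expires` fields model the lost-token and three-year expiry handling the review covers further on.

```python
import hashlib
import hmac
import struct

STEP = 60    # from the review: a new key every 60 seconds
DIGITS = 6   # from the review: six-digit key

def token_code(seed: bytes, now: int) -> str:
    """Code for the 60-second window containing `now` (Unix seconds).
    Stand-in algorithm: HMAC-SHA1 plus RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", now // STEP)
    digest = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def dots_remaining(now: int) -> int:
    """Dots shown on the display: one per 10 seconds left in the window.
    Rounding up is an assumption; the review only says 10 seconds per dot."""
    return -(-(STEP - now % STEP) // 10)

def verify(records: dict, user: str, code: str, now: int) -> bool:
    """Server side: recompute the code from the stored seed and compare.
    Nothing is received from the token; only the current window is accepted.
    The PIN check from the login flow is left out of this sketch."""
    rec = records.get(user)
    if rec is None or rec["disabled"] or now >= rec["expires"]:
        return False
    expected = token_code(rec["seed"], now)
    return hmac.compare_digest(code.encode(), expected.encode())

# Constructed sample record: the seed is the public RFC 4226 test secret,
# the expiry is three years after a constructed issue time of 0.
RECORDS = {
    "alice": {"seed": b"12345678901234567890",
              "disabled": False,
              "expires": 3 * 365 * 86400},
}
```

Because the code is a pure function of the seed and the clock, the seed file is as sensitive as the tokens themselves.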

Swapping Out RSA SecurID Tokens When Necessary

Although each SecurID token is designed to last for up to three years, it can still be damaged, lost or stolen. We tested how easily new tokens can be swapped out should this happen.

Each RSA SecurID SID700 hardware token is fairly rugged, with hardware-based internal circuitry and no moving parts. It also has a hard plastic case that resists damage. Unlike most electronics, which can easily break when dropped, the token is so small that a fall does not generate enough force to cause any damage, most of the time.

So, there is a good chance that most users will be able to use their SecurID token without interruption for years. Keep in mind, however, that each token has a hard-coded expiration date, which is normally set to three years. After that, the key may still physically function but can no longer be used for authentication. Users must swap out old keys eventually, even if they never lose or break the device.

Issuing a new key when one is lost or broken is not that big of a deal. Administrators can disable the lost key on the authentication server as soon as it is reported, meaning the key can no longer be used to access network resources.

Thereafter, it’s simply a matter of uploading the new seed information for an unused token, and then assigning that token to the user with the Active Directory data. As soon as the new physical key is delivered, the user can get back to work.

One additional note: Administrators need to be very careful with the seed data for their keys, as this is one potential vulnerability. That information must be locked down and also should have strong encryption. But as long as that data is kept safe, users will have easy-to-use and fully protected access to valuable assets, even when they are working from home or a remote location.

RSA SecurID SID700 Hardware Token

Key Length: 6 numeric characters
Key Life: New keys generated every 60 seconds
Display: Monochrome LCD
Token Life: Device automatically expires after three years
Weight: 0.32 ounce
