AuthenticationBetter than SecurID?

Published 5 July 2011

The man who invented the two-factor authentication SecurID token has just unveiled a more secure authentication system using voice biometrics; Kenneth Weiss, the founder of Universal Secure Registry, says his latest invention is more flexible and secure than SecurID tokens as they can be used to authenticate individuals on mobile phones, payments, and cloud computing; by adding a voice biometric component, the new device offers three-factor authentication

The man who invented the two-factor authentication SecurID token has just unveiled a more secureauthentication system using voice biometrics.

According to Kenneth Weiss, the founder of Universal Secure Registry, his latest invention is more flexible and secure than SecurID tokens as they can be used to authenticate individuals on mobile phones, payments, and cloud computing.

By adding a voice biometric component, the new device offers three-factor authentication for added security on top of the provision of a one-time password, which the current two-factor IDs use.

You enter a PIN and voice, and only then does the unique seed inside the phone produce a random number,” explained Weiss. “This is much more appropriate for emerging cloud technology and financial payments.”

Weiss’s latest invention comes after hackers breached RSA’s network and stole information on its SecurID tokens. The information was then used in an attempt to break into Lockheed Martin.

Weiss said the sensitive information at stake is the seed values for the two-factor authentication system associated with SecurID customers.

The seed is the logical equivalent to a combination to a vault,” Weiss explained. “Their secret seeds were compromised,” but even with these seeds an attack is not necessarily easy as the hacker would also have to emulate a SecurID token and have a valid password.

Weiss claims that his latest device is less susceptible to these types of attacks as its seed values can be updated at periodic intervals and it also contains a “stronger algorithm” than the RSA SecurID. In addition the password is a sixteen digit long combination rather than just eight.

Weiss has yet to deploy the technology and hopes to obtain licenses for it.