Swivel Secure PINsafe
Strengths: Seamless PIN integration into many types of applications and services.
Weaknesses: Expensive and slightly difficult to configure.
Verdict: An interesting approach and well worth exploring.
SummaryThe PINsafe from Swivel Secure takes a user's fixed personal identification number and randomly generates a one-time login code that is sent to the user to enter as part of a second factor for authentication. This code can be delivered to the user through multiple paths, including a mobile application, text message, voice call or web application. When the user receives their code, they enter that along with their password and are able to login to the specified resource. PINsafe can integrate with a multitude of applications and services, including secure sockets layer virtual private network (SSL VPN), remote access and web platforms, and many cloud services.
This solution can be deployed as a physical or virtual appliance, or as a software-only installation. For our evaluation, we looked at the physical appliance. We found PINsafe to be of average difficulty to install and configure. Much of the management of the tool is done through a web-based management console known as Webmin. We found this to be fairly easy to navigate with an intuitive design, but it did take a little bit of getting accustomed to. Integration is a big strong point with this offering. It can be configured to integrate with the already existing Microsoft Active Directory infrastructure for user management, and then further integrate with already existing platforms throughout the enterprise, including SonicWALL, Cisco, Check Point and Citrix SSL VPNs; Microsoft services, including Terminal Services, Exchange and Outlook Web App (OWA) and SharePoint; and many cloud-based services, such as Google applications and Salesforce.com.
From the user standpoint, this product is seamlessly integrated into the applications themselves. In most cases, the user will notice an extra field that has been added to the login page for their one-time code. There is nothing for them to install, and they encounter no real difficult authentication processes. Users can get their one-time code from a variety of sources, including from the obvious text to their mobile phone, voice phone call, and a web application to the not-so-common dedicated application available across multiple mobile phone platforms.
Documentation included a single-page quick-start, a short console user, a console management interface, and several other configuration-specific mini-guides available online. We found all documentation to be easy to understand. Many included screen shots, configuration examples and step-by-step instructions. Also provided was a full reference manual that included many in-depth configuration instructions and procedures.
Swivel Secure provides customers with free unlimited access to a knowledge base and a few other online resources. Customers also can purchase standard, eight-hours-a-day/five-days-a-week or full 24/7 phone and email technical support at 18 percent and 40 percent of the license cost, respectively.
With an appliance price of $4,000, plus an additional $1.41 to $110 per user (based on volume), this appliance can become quite pricey for some environments. However, we find it to be a reasonable value for the money based on its solid integration functions and seamless ease of use to licensees.