TriCipher Armored Credential System
Strengths: Numerous token and zero footprint options for adding strong authentication to devices or web applications.
Weaknesses: LDAP integration; cost.
Verdict: ID Vault adds stronger authentication to current methods, plus it can grow using TACS to provide most two- and three-factor authentication options.
SummaryThe TriCipher Armored Credential System (TACS) is a unified authentication infrastructure that protects online identities from fraud and identity theft by issuing and managing a variety of secure, easy to use and low-cost credentials.
The solution is an appliance product and, as with the other solutions tested this month, the initial deployment and configuration will require some effort to set up and configure. Our review was conducted virtually, so we can't really report on the overall server side implementation effort.
The system uses traditional two-factor tokens, but also adds an added layer of security to the traditional user name and password authentication through the use of the ID Vault appliance. One part of the TriCipher credential is generated on the user's computer, and the other portion is stored on the ID Vault appliance. This provides protection of the user's online identity while maintaining the familiar user experience of entering a username and password. To successfully authenticate, both parts of the credential must be combined.
This offering does require a software component to be installed on the device, but a zero footprint option for web-based strong authentication is also available and uses browser cookies and certificates.
The TriCipher Armored Credential System integrates Armored passwords and knowledge-based authentication (KBA) as authentication factors. Additionally, the TriCipher ID Tool plug-in is a component of the TACS that is used for web-based applications to authenticate users and transactions, digitally sign documents, and encrypt/decrypt email.
The product integrates with most other solutions, including web servers, identity management solutions, digital signing, single sign-on solutions and various SSL/VPN solutions.
Although the zero footprint and ID Vault options makes it easy to deploy and seamless to use, the loss or theft of a portable device will allow access to the secure system if the user name and password are cracked, as the second-factor authentication resides on the device.
Phone and email support are available on a 7/24 basis for an hourly fee.