Serious Cybersecurity: Verisign PIP + RSA hardware token

Via Security Now I recently learned of a valuable Verisign service that ties your Open ID identity to a second-factor “thing you have”, the Verisign-supplied Secure ID token. Paypal & Ebay are offering the tokens at a subsidized $5. Verisign sells the same FOBs for $30.

Verisign VIP is the backend for the Paypal Secure ID system.

Verisign PIP offers a beta of the Open ID service [though beta it seems to work fine].

The value of Open ID will grow as more sites adopt. The idea is to have one secure login valid across the internet. Note: if you register [bind] your Secure ID FOB with PIP you can really lock down your single sign-on identity. Of course you can have multiple identities — e.g., a “don’t care” identity with no hardware FOB you might use for NYTimes.com etc.

Security Now 107 has more details on PIP. And USA Today had a somewhat accurate survey piece.

Technorati Tags:

1 thought on “Serious Cybersecurity: Verisign PIP + RSA hardware token

  1. Hi Steve:

    I am the technical director for the PiP/SeatBelt product here in VeriSign’s Innovation team. I came across your blog post and I wanted to correct part of the post.

    The PiP **does not** work with RSA’s “SecureID” token. Rather it works with VeriSign’s “VIP Credential”. RSA’s is a completely separate product and which currently has no connectivity or relationship with OpenID.

    The tokens that both VeriSign uses as well as Paypal/eBay are also Verisign products and have no connection to RSA whatsoever.

    Hence why we’re taking a leadership position…:-)

Comments are closed.