. |
|||||||||||
. |
|||||||||||
. |
Related LinksHelp us Choose The Next Password Manager to Review - Win a free eBook RoboForm Password Manager Review KeePass Password Manager Review Symantec / Verisign Personal Identity Portal BetaSymantec recently acquired Verisign’s VIP authentication service. Verisign launched the service in 2009. Symantec’s offering folds the older VIP service into a new “Personal Identity Portal” promising one-click sign-in for all websites. This offering from Symantec has five basic features:
Pip Account ProtectionSetting up your PIP account involves going to PIP.verisignlabs.com, entering a username, password, and email address. Only the OpenID is created from the basic signup. OpenIDUsers login to PIP once and then access any configured OpenID compatible website without passwords while they remain logged into PIP. If every site supported OpenID, users would only use a password to login once per day. As promising as OpenID sounds, it’s adoption rate has been slow. A site can only be a provider or consumer of OpenID credentials. Many large sites, such as PIP, Google and Yahoo have chosen to be providers rather than consumers. That means that if a user creates an OpenID on PIP, they can’t use OpenID to login to Google or Yahoo. Some consumer sites like Facebook have chosen to implement it in strange ways. For Facebook, you need to go into your profile and link your OpenID with Facebook. Facebook then uses browser cookies to login a user when they go to the Facebook login page. Different browsers behave differently with their cookies resulting in people who can never get OpenID working with Facebook. Because of the many issues around OpenId, PIP added one-click sign-on. One Click Sign-onSymantec’s one-click sign-in is a free cloud based password manager service. Symantec is marketing this as a bridge for sites without OpenID support. It is a very basic password management service. An extra password is required to use and access one-click. This password is not stored anywhere. If you lose the password, Symantec will not be able to recover your one-click information. Some of it’s limitations are:
Your own Customizable PIP PageThe page used for OpenID is also available for anyone to see. This doesn’t mean anyone can see your usernames and passwords. Symantec let’s you add links to your websites and social networks so others can find you from this page. Symantec states that the page will be indexed by popular search engines, so if you have a struggling website, a link from verisignlabs.com may or may not help your search engine ranking. Online File VaultSymantec is including a free secure file vault for your sensitive documents. The offering allows user 2 gigibytes of space. The only limitation on the vault is you must configure your pip account for a Verisign VIP credential in order to use it, which is a very good thing to do. VIP CredentialsVIP Credentials enable multi-factor authentication. This is the most secure way to login. If an attacker gains access to your VIP account username and password (for example, through a successful phishing attack), they still will not be able to login without the device. Symantec offers three varieties of multi-factor authentication: Browser Certificates, Phone Apps, and keychain token / FOB. A fourth option for Ironkey USB devices is not promoted on the PIP site, but is promoted by IronKey.
|
|
|||||||||
. |
|
||||||||||
. |