Naturally, I take issue with some of these claims. Here’s why.
There are certainly other solutions in the market that allow organizations to leverage smartphones as authentication tokens. However, most such solutions still rely on One-Time Password (OTP) technology. OTP solutions have large operational expenses, typically running well beyond the purchase cost of the solution itself, and they offer a very weak user experience.
While the comments regarding Layer Two Tunneling Protocol (L2TP) are generally correct, they don’t apply to BlackBerry’s VPN Authentication, which is focused on authentication only. No BlackBerry component acts as a gateway of any kind in the solution, and the standard client from the VPN vendor is employed, just as with a legacy OTP solution. There are no incremental costs here.
Regarding the security of mobile phones, BlackBerry obviously focuses on making this a reality, whether for our own phones or iOS, Android, or Windows Phone devices. While no security is perfect, well-informed enterprise customers are increasingly trusting phones and tablets as endpoints for apps and data – not to mention legacy OTP authentication tokens. A modern phone-based token that is more convenient, less expensive, and less problematic is thus an obvious benefit.
Finally, BlackBerry would recommend against PC-resident authentication solutions for a number of reasons, but the most fundamental is the loss of a true second factor, as the endpoint itself is now acting as an authentication factor. Most enterprise security groups agree that this scenario is at best “one-and-a-half factor,” and thus has reduced security advantages.
“What a pain,” he wrote, “why can’t your phone be that second factor?” VPN Authentication’s use of the ubiquitous smartphone to replace the hardware fob, continued Gruman, “makes a lot of sense to me.”