Review: Vasco Digipass Pack security software and USB tokens

Two-factor authentication for remote and local users

Vasco has updated its Digipass smartcard authentication product (reviewed here), adding support for a new USB security token, ­ the DP 860, ­ and extending the package to provide strong two-factor authentication for remote and local users.

We tested the combined Digipass Pack for Remote & Network Authentication and found it to be a complete security solution, comprising client and server software plus DP 860 USB tokens for five users, although it does have shortcomings.

The concept is sound and easy enough to understand, the USB tokens providing the physical component of the two-factor authentication delivered by the Digipass Pack. The second is either a simple Pin code stored on the DP 860, giving access to local resources or, for remote access, the Pin code plus a one-time password (generated using the date and time) displayed on a small screen on the side of the token.

Of course Windows knows nothing about Pin codes, one-time passwords or USB tokens. It wants you to log on using a username and password. These credentials are stored in secure memory inside the DP 860 or, if preferred, a smartcard, only to be released and applied when you supply the correct Pin code plus, if logging in remotely, the one-time password.

Logon credentials can be entered manually using the management console provided or learned by the software, as can those required to logon to particular applications and websites. You can also force Windows to allow only logons using the tokens, and lock the PC, logoff or shutdown whenever it’s removed.

The software comes in two parts, starting with the Digipass Secure Authentication Suite (SAS), installed on client PCs and servers to implement local two-factor authentication. The second is Vasco’s VACMAN Middleware, which needs to be installed on a Windows server to allow Radius compatible VPN (Virtual Private Network) clients to also use the DP 860 tokens.

Unfortunately installing all of this can be a time-consuming business, with a fair amount of expertise required along the way. Moreover, the documentation in the pack we tested hadn’t been updated to include the DP 860 tokens and assumed a lot of prior knowledge, which few small businesses will have. Most are, therefore, likely to need expert help from a specialist to deploy the solution.

We were also disappointed to find that Windows Vista wasn’t supported, although that should have been addressed by the time you read this, neither can you use the product with non-Windows computers, although thin clients and Citrix terminals are supported.

On the plus side end users will find it easy. Rather than having to remember lots of different passwords and, possibly, change them on a regular basis, all we needed was a token and a Pin code to enable automatically logging on.

And not just to Windows, but a range of applications and websites. The only problem we had was reading the one-time password on the token when it was plugged in. Depending on the location of the PC and the USB port this won’t always be convenient. A USB extension lead solved that ­ it’s a shame there were none in the box.

The Digipass Pack for Remote & Network Authentication does all we expected, giving the smaller business affordable access to secure two-factor authentication technology.