Online Identity and Trust

Say you've got a web application that you develop, and you want to provide your users a stronger form of authentication beyond a simple username and password. Or your users have been asking about two factor authentication, but actually implementing it never moves up on the priority list because your boss thinks it's too complicated, will require months of coding, and a giant new server farm to handle the extra authentication. Or you've got a PayPal Security Key or VIP Security Card and want to enable your own site to use it.

Welcome to the VIP Developer Test Drive!

Today we announced that we're making the API to the VIP Authentication Service freely available to developers to try out on their own. No salespeople to call, new servers to install, or paperwork - just fill out a simple web form and download. We'll give you the API documentation, SOAP WSDL, and access to your own little corner of our pilot web service.

Why are we doing this? Well, because almost every time we meet with a company's technical team, they start out skeptical -- integrating the VIP Authentication Service can't be as easy as we say it is. So we send them the API, they check it out, and then reply back, "You're right, it really is that easy." Now we're cutting out the middleman and letting you download it on your own.

We're also looking to see what ideas the developer community has for this technology. Through our experience with OATH, we've been amazed at the innovation that can happen when technology building blocks are just put out there available for anyone to use. So let us know what you think!

Now let me be clear: the Test Drive is designed for developers. There's no point and click GUI or fancy installer - it's a SOAP web services API. If you've ever written a web services client, it should be very straightforward. If you haven't, that's cool too -- we've got sample code for Java (using Apache Axis 1.4) and C# (using .NET 2.0) to get you started.

Check it out at http://vipdeveloper.verisign.com. Comments or questions? Comment below or email us at vipdeveloper@verisign.com.

Posted by Jeff Burstein at 09:00 AM | Permalink | Comments (3)

Posted by Vijai Shankar, Sr. Product Marketing Manager at VeriSign, Inc.

I posted earlier today about the difficulty in remembering passwords, security questions, our daily tasks etc. and mentioning consumers to ask organizations to introduce secure, yet painless authentication methods. Here's another incentive for organizations to make life easy yet secure for consumers at a lower cost. VeriSign is now offering up to 5,000 FREE CREDENTIALS to each organization joining the VeriSign Identity Protection Network by Sept 30, 2008. This is a great incentive for organizations looking to deploy strong or two-factor authentication and be a part of a Network enables consumers to use a single credential across multiple site. The timing is opportune. With quite a few folks from the security industry at the RSA Conference next week in San Francisco, if you want to know more information stop by the VeriSign Booth # 1316 at the conference and we can help.

~Vijai

Posted by Vijai Shankar at 02:32 PM | Permalink | Comments (0)

Posted by Vijai Shankar, Sr. Product Marketing Manager at VeriSign, Inc.

We are seeing more and more articles about the difficulty remembering username and passwords. To add to the list along with our other stuff to remember i.e. household chores, birthdays etc., we now have to remember the new trend of security questions along with username and passwords. I was having a problem logging into one of my student loan accounts, which not only had a username and password but a set of security questions in a PARTICULAR order. Phew, needless to say I was locked out and had to call in, listen to some crazy call center music and after 15 minutes of waiting, spoke to an agent to unlock my account.

I saw this article in The Wall Street Journal about the daunting task of managing passwords, a complicated system she came up with, aggravated by the added task to manage answers to security questions. Can't we make all this simpler and yet secure? How about a stronger authentication and painless authentication process like using a single device be it mobile phone, tokens, SMS etc. to generate unique codes eachtime at all my online sites? How about asking your organizations that you transact online with to join a trusted Network that enables you consumers to use a single credential across multiple sites thus offering secure yet painless authentication process? The answer is right here, the VeriSign Identity Protection Network. Now is a great time for your organizations to join and be a part of a Network that will drive consumer adoption across the globe.

~Vijai

Posted by Vijai Shankar at 08:50 AM | Permalink | Comments (0) | TrackBacks (0)

Posted by Kerry Loftus

I drove my 13-year-old and his friends to one of their activities recently (yes, I have a minivan) and their conversation was really interesting and eye opening. I quickly called my gal pals in Erie, PA to find out if they were hearing the same and got the affirmative so this is not just a 'valley' phenomena. All of our kids are online and many are using various email, IM and social networking applications. Did you know that they all know each other's usernames and passwords? If they don't know the password part, they can very quickly guess (I chimed in at one point and asked them if they knew anything about 'strong passwords'-- most of them replied that they just use 'password'!). They didn't really think protecting the information was important.

It's probably harmless to sign in as your friend on IM and send one of the girls in your class a provocative message, but couldn't that be the tip of the iceberg? What about online harassment when pranks become more than just kid fun? Our kids are revealing more and more of themselves on the public internet everyday through these applications and many of us have done the right parental things in response. We know to put the computer in a more public spot in our house; we know to ask what they're doing online and periodically check over their shoulders. But did you know how easily kids can "become" each other online? By logging in their email, IM and social networking sites with their guessable usernames and passwords, it's pretty easy to impersonate almost anyone they know. In addition to these guessable usernames and passwords, I'd like to see my teenager's accounts protected with something he physically has in his possession (enter a second-factor one-time password credential). Let's give our kids real, permanent control over what they want to communicate to the rest of the world.

Posted by Kerry Loftus at 01:38 PM | Permalink | Comments (0) | TrackBacks (0)