By Andreas M. Antonopoulos, Principal Analyst, Nemertes Research

October 1, 2004

Last week AOL (NYSE: TWX) announced a new premium service, a so-called “two-factor” authentication system called Passcode. The system requires a number read from the screen of a key fob (a keychain-sized device) made by RSA Security Inc. (NASDAQ: RSAS) and provided to users by AOL. The RSA device generates a new number every 60 seconds, and each number is usable only for 60 seconds, thereby protecting its user from key-loggers, shoulder surfing, and other password-theft techniques.

Authentication systems can use one or more “factors” to identify a person, commonly recited as “something you know” (a secret), “something you have” (a token), and “something you are” (biometric). AOL’s new system offers two-factor authentication with the user’s password, which is the secret, and the RSA key fob, which is the token.

The complete Impact Analysis is available to Nemertes clients. For more information, please contact Chris Zimmerman at christine@nemertes.com