I have a question about your policy when sending tokens to Third Party Vendors? Do you send a hardware token to them or a software token? What is safer?
I am on the verge of needing more hardware tokens but have a number of available software tokens, should I send them or purchase more hardware tokens to send to external vendors?
Is the a correct answer to this?
Thanks.
Ryan
Ryan McVey,
I've moved your question to the RSA SecurID Access space so it can be seen by others who use Authentication Manager and the SecurID tokens.
Whether you provision hardware or software tokens to your outside contractors is a decision that needs to be made based on your company's security policies. That being said, I'd be curious what members of this community have to say. There are arguments for opting for hardware tokens v software tokens and vice versa.
For example, some people think hardware tokens are more secure, but our technical people say both options are equally secure. If you provide a software token to a contractor, when they no longer need to authenticate to your resources, you simply revoke it and then when needed, distribute that same token serial number (with a new set of random numbers) to a new contractor. Take a look at Myth 3: Dispelling The Myths around Software Tokens Easy peasy . . . and there is no need to worry about whether the hardware token mailed back to you.
OK RSA admins who are reading this, give us your feedback in the hardware versus software token debate!
Regards,
Erica