blocks|key|4235821|text|我以前曾与CRYPTOCard一起执行Windows和Linux身份验证。当通过RSA+SecurID查看它时，更多的是所有权的总成本，这是一个需要考虑的关键因素。使用CRYPTOCard，安全管理员可以直接管理令牌，而不必像RSA那样将其发回。当电池失效时，管理员可以更改电池并重新编程令牌。使用RSA时，当电池失效时，您将不得不将其送回并进行替换，这意味着必须有额外的令牌在手边，以便能够迅速更换。这是我在使用安全计算安全字令牌时所经历过的情况。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|entityMap|0|LINK|mutability|MUTABLE|url|http://www.cryptocard.com/^0|5|A|0^^$0|@$1|2|3|4|5|6|7|K|8|@]|9|@$A|L|B|M|1|N]]|C|$]]]|D|$E|$5|F|G|H|C|$I|J]]]]

I have previously worked with <a href="http://www.cryptocard.com/" rel="nofollow noreferrer" title="CRYPTOCard">CRYPTOCard</a> to perform both Windows and Linux authentication. When looking at it over RSA SecurID it was more the total cost of ownership that was a key factor for consideration. With CRYPTOCard the tokens were manageable by the security administrator directly without having to send it back like with RSA. When the battery died the admin could change the battery and reprogram the token. With RSA when the battery died you would have to send it back and have it replaced which meant having to have extra tokens on hand so that they could be quickly replaced. This is the same situation I've experienced with Secure Computing Safeword tokens.

blocks|key|4235578|text|这是一个相对较新的创业公司，但我认为他们的产品是最有趣的2要素授权。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|4235579|http://www.yubico.com/products/yubikey/|offset|length|4235580|它比SecurID键fob小。|unordered-list-item|4235581|没有电池。|4235582|不依赖用户读取和重新键入数字。|4235583|电脑上不需要任何司机。|entityMap|0|LINK|mutability|MUTABLE|url^0|0|0|13|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|U|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|V|8|@]|9|@$D|W|E|X|1|Y]]|A|$]]|$1|F|3|G|5|H|7|Z|8|@]|9|@]|A|$]]|$1|I|3|J|5|H|7|10|8|@]|9|@]|A|$]]|$1|K|3|L|5|H|7|11|8|@]|9|@]|A|$]]|$1|M|3|N|5|H|7|12|8|@]|9|@]|A|$]]]|O|$P|$5|Q|R|S|A|$T|C]]]]

This is a relatively new startup company but I think their product is one of the most interesting out there for 2 factor authorization.

<a href="http://www.yubico.com/products/yubikey/" rel="nofollow noreferrer">http://www.yubico.com/products/yubikey/</a>

<ul>
<li>It's smaller than the SecurID key fob.</li>
<li>Has no batteries.</li>
<li>Doesn't rely on a user to read and retype a number.</li>
<li>Doesn't require any drivers on the computers.</li>
</ul>

blocks|key|4235978|text|在较小的范围内，您可以使用Google身份验证器。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|4235979|有一个非常简单的PAM模块可供使用。|4235980|http://code.google.com/p/google-authenticator/|offset|length|entityMap|0|LINK|mutability|MUTABLE|url^0|0|0|0|1A|0^^$0|@$1|2|3|4|5|6|7|N|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|O|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|P|8|@]|9|@$F|Q|G|R|1|S]]|A|$]]]|H|$I|$5|J|K|L|A|$M|E]]]]

On a smaller scale you can use Google Authenticator.

There is a pretty straightforward PAM module available for it.

<a href="http://code.google.com/p/google-authenticator/" rel="nofollow noreferrer">http://code.google.com/p/google-authenticator/</a>

blocks|key|497688|text|我必须管理一个智能卡就位的网络。它们是一个可以选择的选项--但是请记住，您现在正在放置一些硬件部件，这些硬件将在组织中的每个工作站上出现驱动程序问题。您还必须授权那些将读取智能卡和机器的软件来创建、更新和修复智能卡。这是真正的皮塔。我真的，真的希望我为之工作的组织选择SecureID。用户可以失去一张智能卡，就像钥匙链大小的数字生成器一样容易。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|497689|简而言之--我不推荐任何其他的双因素认证。SecureID是固体的，它可以工作。|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|E|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|F|8|@]|9|@]|A|$]]]|D|$]]

I have to manage a network where smartcards are in place. They are an OK alternative -- Keep in mind however that you are now placing pieces of hardware that will fail and have driver issues at every single workstation in your organization. You will also have to license software that will read the smartcard and a machine to create, update, and fix the smartcards. Its a real PITA. I really, really wish the organization I worked for opted for SecureID instead. Users can lose a smartcard just as easy as a key-chain sized number generator.

In short -- I wouldn't recommend anything else for two-factor authentication. SecureID is Solid and it works.

blocks|key|4235461|text|看看智能卡。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|4235462|用户对Windows+AD进行身份验证。国防部正在使用|4235463|这是微软的计划指南。|4235464|http://go.microsoft.com/fwlink/?LinkId=41314|offset|length|entityMap|0|LINK|mutability|MUTABLE|url^0|0|0|0|0|18|0^^$0|@$1|2|3|4|5|6|7|P|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|Q|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|R|8|@]|9|@]|A|$]]|$1|F|3|G|5|6|7|S|8|@]|9|@$H|T|I|U|1|V]]|A|$]]]|J|$K|$5|L|M|N|A|$O|G]]]]

Check out smart cards.

Users authenticate to the Windows AD. In use by the DOD

Here is a Microsoft planning guide.

<a href="http://go.microsoft.com/fwlink/?LinkId=41314" rel="nofollow noreferrer">http://go.microsoft.com/fwlink/?LinkId=41314</a>

blocks|key|4235777|text|如果您不反对运行您自己的PKI基础设施，那么我们在阿拉丁eTokens方面已经取得了长期的成功，这是USB的两个因素。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|4235778|我们已经在各种各样的场景中实现了它们--+web应用程序、VPN+auth、SSH+auth、AD登录、共享密码列表和web+SSO密码存储。|entityMap|0|LINK|mutability|MUTABLE|url|http://www.aladdin.com/etoken/default.aspx^0|P|A|0|0^^$0|@$1|2|3|4|5|6|7|M|8|@]|9|@$A|N|B|O|1|P]]|C|$]]|$1|D|3|E|5|6|7|Q|8|@]|9|@]|C|$]]]|F|$G|$5|H|I|J|C|$K|L]]]]

If you're not adverse to running your own PKI infrastructure then we've had a good long-running success with <a href="http://www.aladdin.com/etoken/default.aspx" rel="nofollow noreferrer">Aladdin's eTokens</a>, which are USB two-factor auth.

We've implemented them in a huge range of scenarios - web applications, VPN auth, SSH auth, AD logins, shared password lists and web SSO password stores.

blocks|key|498177|text|我们去了埃托拉斯，比RSA/Vasco便宜得多。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|498178|http://www.entrust.com/strong-authentication/identityguard/tokens/index.htm|offset|length|entityMap|0|LINK|mutability|MUTABLE|url^0|0|0|23|0^^$0|@$1|2|3|4|5|6|7|L|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|M|8|@]|9|@$D|N|E|O|1|P]]|A|$]]]|F|$G|$5|H|I|J|A|$K|C]]]]

We went with Entrust, much cheaper than RSA/Vasco etc...

<a href="http://www.entrust.com/strong-authentication/identityguard/tokens/index.htm" rel="nofollow noreferrer">http://www.entrust.com/strong-authentication/identityguard/tokens/index.htm</a>

blocks|key|4235729|text|我们目前正在评估短信上的2因素认证是否是SecurID或其他与访问卡相关的解决方案的一个可接受的替代方案。显然，如果您正在使用移动应用程序(应用程序运行在相同的设备上，接收到SMS消息)，这是没有好处的。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|4235730|在我的例子中，这只适用于远程访问/VPN，并且正在查看梭子鱼SSL。|offset|length|entityMap|0|LINK|mutability|MUTABLE|url|http://www.barracudanetworks.com/ns/products/sslvpn_overview.php^0|0|R|6|0^^$0|@$1|2|3|4|5|6|7|M|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|N|8|@]|9|@$D|O|E|P|1|Q]]|A|$]]]|F|$G|$5|H|I|J|A|$K|L]]]]

We are currently evaluating whether 2 factor authentication over SMS will be an acceptable alternative to SecurID or other access card related solutions. Obviously this is no good if you are using mobile applications (application is running on the same device the SMS message is received).

In my case, this is only for remote access/VPN and are looking at the <a href="http://www.barracudanetworks.com/ns/products/sslvpn_overview.php" rel="nofollow noreferrer">Barracuda SSL VPN</a>.

blocks|key|4235935|text|当我查看2FA时，您可能也想考虑ActivIdenty，我喜欢这个解决方案。它们支持SmartCards、USB令牌、OTP令牌、DisplayCard令牌、软令牌。我们查看了这个活动目录。我不确定他们是否支持其他操作系统。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|entityMap|0|LINK|mutability|MUTABLE|url|http://www.activcard.com/^0|G|B|0^^$0|@$1|2|3|4|5|6|7|K|8|@]|9|@$A|L|B|M|1|N]]|C|$]]]|D|$E|$5|F|G|H|C|$I|J]]]]

You might want to also consider <a href="http://www.activcard.com/" rel="nofollow noreferrer">ActivIdenty</a> When I looked in to 2FA, I liked this solution. They support SmartCards, USB Tokens, OTP Tokens, DisplayCard Tokens, Soft Tokens. We looked at this for Active Directory. I'm not sure of any other OS they support.

blocks|key|498277|text|经过4年与SecurID的斗争，我们转而使用Gemalto+.NET智能卡。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|498278|498279|为什么我们不喜欢RSA+SecurID：|498280|每个月我们都会遇到一些问题，一些用户无法登录到他的机器。唯一的解决方案是连接RSA服务器软件，并试图跟踪监视日志的原因。|unordered-list-item|498281|他们的服务器软件确实很难使用，而且不直观。我们只有一个人几乎不知道如何使用它。|498282|您必须每两年购买一次新令牌，然后必须为每个用户切换活动令牌。有时候起作用，有时不行。任何事情都是很难预料的。|498283|您必须在域控制器上安装他们的软件，最好不要删除它或将无法登录到直流。|offset|length|498284|您必须在域中的每台计算机上安装它们的登录窗口。|498285|不能允许对特定用户同时使用密码和SecureID。|498286|他们的支持/文件非常丰富|498287|膝上型电脑用户无法在家中登录，而且在我们的机器上也没有缓存的凭据。|498288|为什么我们选择Gemalto+.NET|498289|498290|这是一张智能卡，完全由窗户支持。所有驱动程序都在Windows上。|498291|你不需要每隔几年买一次新的代币，只需更新证书。|498292|如果您需要其他的东西(然后是简单的登录)，它可以被编写成特殊用途。|498293|如果CA服务器因某种原因而失败，用户可以使用他们的密码登录，但如果需要，可以强制他们使用智能卡。|498294|所有智能卡API/软件都被微软很好地记录下来了。|entityMap|0|LINK|mutability|MUTABLE|url|https://serverfault.com/questions/174393/unable-to-logon-because-of-account-restriction-on-domain-controller^0|0|0|0|0|0|0|P|8|0|0|0|0|0|0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|1H|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|1I|8|@]|9|@]|A|$]]|$1|C|3|D|5|6|7|1J|8|@]|9|@]|A|$]]|$1|E|3|F|5|G|7|1K|8|@]|9|@]|A|$]]|$1|H|3|I|5|G|7|1L|8|@]|9|@]|A|$]]|$1|J|3|K|5|G|7|1M|8|@]|9|@]|A|$]]|$1|L|3|M|5|G|7|1N|8|@]|9|@$N|1O|O|1P|1|1Q]]|A|$]]|$1|P|3|Q|5|G|7|1R|8|@]|9|@]|A|$]]|$1|R|3|S|5|G|7|1S|8|@]|9|@]|A|$]]|$1|T|3|U|5|G|7|1T|8|@]|9|@]|A|$]]|$1|V|3|W|5|G|7|1U|8|@]|9|@]|A|$]]|$1|X|3|Y|5|6|7|1V|8|@]|9|@]|A|$]]|$1|Z|3|-4|5|6|7|1W|8|@]|9|@]|A|$]]|$1|10|3|11|5|G|7|1X|8|@]|9|@]|A|$]]|$1|12|3|13|5|G|7|1Y|8|@]|9|@]|A|$]]|$1|14|3|15|5|G|7|1Z|8|@]|9|@]|A|$]]|$1|16|3|17|5|G|7|20|8|@]|9|@]|A|$]]|$1|18|3|19|5|G|7|21|8|@]|9|@]|A|$]]]|1A|$1B|$5|1C|1D|1E|A|$1F|1G]]]]

After 4 years of fighting with RSA SecurID we switched to Gemalto .NET smart card. 
Why we don't like RSA SecurID:

<ul>
<li>every month we have some problems with some user that was unable to logon to his machine. The only solution was to connect to RSA server software and try to trace the reason watching logs.</li>
<li>Their server software is really hard to use and unintuitive. We had only one guy who barely had a knowledge how to use it.</li>
<li>You must buy new tokens every two years, Then you must switch the active token for each user. Sometimes it works, sometimes not. You never know.</li>
<li>You must install their software on Domain Controller, and better don't remove it or you <a href="https://serverfault.com/questions/174393/unable-to-logon-because-of-account-restriction-on-domain-controller">will not be able to logon to DC</a>. </li>
<li>You must install their logon window on each machine in domain</li>
<li>You cannot allow to use both password and SecureID for specific user</li>
<li>Their support/documentation is awfull</li>
<li>Laptop users were unable to logon at home - and no cached credentials never worked on our machines</li>
</ul>

Why we choosed Gemalto .NET 

<ul>
<li>it's a smart card which is completly supported by windows. All drivers are on Windows Update.</li>
<li>You don't need to buy new tokens every few years, just renew certificates.</li>
<li>It can be programmed for special use if you need something else (other then simple logon).</li>
<li>Users can login using their passwords if your CA server fails for some reason, but you can force them to use smart card if you want.</li>
<li>All smart card API/sofware is rather well documented by Microsoft.</li>
</ul>

blocks|key|498339|text|在所有软件方面|type|unstyled|depth|inlineStyleRanges|entityRanges|data|498340|http://www.wikidsystems.com/|offset|length|498341|他们有一个免费的社区版。|entityMap|0|LINK|mutability|MUTABLE|url^0|0|0|S|0|0^^$0|@$1|2|3|4|5|6|7|N|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|O|8|@]|9|@$D|P|E|Q|1|R]]|A|$]]|$1|F|3|G|5|6|7|S|8|@]|9|@]|A|$]]]|H|$I|$5|J|K|L|A|$M|C]]]]

On the all software side there is

<a href="http://www.wikidsystems.com/" rel="nofollow noreferrer">http://www.wikidsystems.com/</a>

They have a free community edition.

blocks|key|4235875|text|我很高兴使用移动-otp。为您的移动应用程序提供简单的java应用程序%2B可以从bash+/+php+/几乎任何东西调用的代码。甚至是pam模块我还没用过。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|entityMap|0|LINK|mutability|MUTABLE|url|http://motp.sourceforge.net/^0|6|6|0^^$0|@$1|2|3|4|5|6|7|K|8|@]|9|@$A|L|B|M|1|N]]|C|$]]]|D|$E|$5|F|G|H|C|$I|J]]]]

i'm happy user of <a href="http://motp.sourceforge.net/" rel="nofollow noreferrer">mobile-otp</a>. simple java application for your mobile + some code you can invoke from bash / php / practically anything. and even pam module [ which i have not used ].

Have you used, and would recommend, an alternative to RSA SecurID for two-factor authentication?

Alternatives to RSA SecurID?

翻译质量差，导致语言生硬或混乱。

没有提供实际的解决方法或示例。

解答不清晰，无法理解或解决问题。

页面排版不美观，阅读体验差。

文章

问答

视频

教程

学习中心

腾讯云实验室

直播

竞赛

腾讯云代码分析专区

腾讯iOA零信任安全管理系统专区

腾讯云架构师技术同盟交流圈

腾讯云数据库专区

腾讯云智能顾问专区

腾讯云原生专区

腾讯混元专区

腾讯云TCE专区

腾讯云Lighthouse专区

腾讯云HAI专区

腾讯云Edgeone专区

腾讯云存储专区

腾讯云智能专区

腾讯轻联专区 

腾讯云开发专区

TAPD专区

腾讯轻量云游戏服专区

EdgeOne AI 安全实战专区

腾讯云最具价值专家

腾讯云架构师技术同盟

腾讯云创作之星

腾讯云开发者先锋

腾讯云AI代码助手

云原生构建

TAPD 敏捷项目管理

Cloud Studio

SDK中心

API中心

命令行工具

功能1上新10个字符

功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符功能2描述100个字符。

功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符功能2上新100个字符。

功能5描述100个字符功能5描述100个字符功能5描述100个字符功能5描述100个字符功能5描述100个字符功能5描述100个字符

功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符功能5上新100个字符

功能4上新

文章&问答评论现已支持表情

全新交互，全新视觉，新增快捷键、悬浮工具栏、高亮块等功能并同时优化现有功能，全面提升创作效率和体验

社区富文本编辑器全新改版！诚邀体验～ 

精选全网热门MCP server，让你的AI更好用 🚀

💥开发者 MCP广场重磅上线！

涵盖代码开发、场景应用、自动测试全流程，助你从零构建专属AI助手

一站式MCP教程库，解锁AI应用新玩法

聚焦“写作效率、视觉美观与运行性能”三方面进行全面升级，为您提供更高效、稳定的创作环境

社区富文本&Markdown编辑器全新改版上线，欢迎大家体验!

诚挚邀请您参与本次调研，分享您的真实使用感受与建议。您的反馈至关重要，感谢您的支持与参与！

社区新版编辑器体验调研

您是否曾使用，并将推荐一种替代RSA SecurID的双因素身份验证？

问RSA SecurID的替代品？
EN

回答 12

Server Fault用户

Server Fault用户

Server Fault用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问RSA SecurID的替代品？EN

回答 12

Server Fault用户

Server Fault用户

Server Fault用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问RSA SecurID的替代品？
EN