|
SAFEMLS® supports many different types of authentication tokens. Illustrated below are some of the different authenticator token types and models and explanations of how specific types, in combination, create the best solution for the real estate industry.
Hardware tokens
Hardware tokens have been deployed by major enterprises worldwide to millions of end users and are widely recognized as the most robust, reliable and easy to use authentication devices on the market. Hardware tokens are available in multiple hardware form factors:
Alpine Token
The Alpine token combines a sleek new compact design with the added feature of a sturdy clip for convenient attachment. The Alpine token offers the strength and reliability you’ve come to expect from Clareity Security, with unmatched authentication capabilities. The token offers numeric display, can be time or event based, and is OATH standard compliant. Best of all – it has a lifetime warranty!
SAFEMLS® Token (Silver)
Compact and easy to use, this SAFEMLS token fits on your keyring and provides one-time passwords with the push of a single button. An MLS can also optionally require a PIN, in addition to the token password when logging in, to provide stronger authentication.
Gold
This unique token combines a convenient key ring size with an onboard PIN pad for added security. The Gold will only generate the correct password after the correct PIN has been entered, and has attack lockouts if the wrong PIN is entered too many times.
Platinum
The Platinum token provides an onboard PIN pad in a popular calculator-style case. The Platinum also supports attack lockouts, challenge-response authentication, and user PIN changes. In addition, the Platinum allows battery replacement without losing token programming, giving it an almost unlimited life.
Clareity recommends Silver 2000 hardware tokens as a key part of the real estate industry solution because of the ease of use and low total-cost-of-ownership for agents and other end-users. Most importantly, these standalone hardware tokens don't require hardware or software installation on the many computers and other devices that agents use to access MLS data - they are truly stand-alone and platform agnostic.
TEXT-pass®
With TEXT-pass, one-time use passwords are delivered to the end-user’s mobile phone as a SMS text message. There is no special device, download or software required to use TEXT-pass, making it a true zero-footprint solution. Once a user is enrolled in TEXT-pass, they can send a text message to Clareity Security and within seconds, a single use password will be delivered to them in response. Any cellular phone or smartphone that supports SMS messaging is TEXT-pass ready! More information
MobilePass®
MobilePass® is a software-based two-factor authentication solution that generates one-time passcodes right on your favorite mobile phone or laptop/desktop PC. The product works on a wide range of mobile phone platforms, including BlackBerry, Palm, Windows Mobile, and J2ME-enabled devices and is also available for Windows Desktops, where one-time passcodes are generated right on your laptop or desktop PC. MobilePass is completely integrated with SAFEMLS and leverages the same trusted authentication platform as our hardware token-based solutions.
SofToken™ II
Secure Computing's software-based token, SofTokenTM II, is for users who need the security of one-time passwords but can not use a hardware token. SofToken II generates a dynamic password just as the handheld tokens do, but the SofToken II software resides on the hard drive of the user's laptop or desktop system and includes security so it can not be copied from system to system.
This software solution is not optimal as the primary authenticator for most users because it is meant for use on a single PC and can not be used on the multiple computers and devices that agents often use. However, it has one important use where other authenticators don't work - it can be integrated with other software so, for instance, software that downloads listings from the MLS without user interaction can connect to the SofToken and then connect to the MLS using a dynamic password.
Digital certificates, USB tokens, smart cards, and PKI user authentication
PremierAccess also has embedded support for PKI user authentication, including digital certificates, smart cards and USB devices. PremierAccess can issue standards-based X.509 digital certificates or authenticate certificates from most major PKI vendors, including VeriSign, Entrust, Baltimore, Microsoft, and Netscape. A wide variety of smart cards and USB tokens are supported, including those from ActivCard, Safenet, Gemplus, Axalto, Rainbow, Aladdin, and other vendors.
The problem with digital certificates is that they are too easy to copy from computer to computer, so they only provide limited protection against hackers rather than more complete protection against account sharing.
The problem with smart cards is that they require a smart card reader to be installed on the user's computer. If the agent is using a consumer's computer or another computer at a remote location, this may be impractical. If the agent is using a mobile device, this format is impossible.
SAFEMLS supports a USB solution called the iKey, but a USB token will have similar problems to those faced by smart cards - there's nowhere to plug in a USB token on most mobile devices for remote MLS access or on many computers at coffee shops, business centers and other places agents work. If the agent is visiting a consumer home, the computer may be buried under the desk and not have a USB port on the front - making it very awkward or impossible to install the USB token. Additionally, agents using Windows 98 computers may also need to install 'driver' software.
Digital certificates, USB tokens, smart cards, and PKI user authentication may be good solutions in the corporate environment, but Clareity found that, for all the reasons mentioned above, they are not optimal solutions for the typical MLS user.
Biometrics
Fingerprint scanners, signature readers, and other biometric devices promise the next wave of authentication technology. PremierAccess supports a wide variety of biometric systems, including solutions from Sony, NTT, and DigitalPersona.
Like some of the other token forms mentioned above, biometrics would require hardware and software to be installed on computers or other devices being used for MLS access and is therefore impractical. However, an MLS may choose to deploy biometric devices to protect highly sensitive resources, such as the accounting system, internally in the office where such devices can be supported.
GE Security / Supra keys
SAFEMLS is integrated with the GE Security / Supra electronic keybox system so lockbox users can use the Supra eKEY, ActiveKEY or DisplayKEY to obtain one-time passwords for MLS access. Not every real estate professional has a lockbox key, and those that have lockbox keys don't always carry them everywhere they want to access the MLS, but some GE Security lockbox users may wish to use their existing lockbox keys as a SAFEMLS authenticator.
Conclusions
Clareity Security recommends the SAFEMLS token as the primary authentication token for MLS end-users. The MobilePass text messaging solution may work for some users, but is best used as a backup to the SAFEMLS® Alpine or Silver tokens. SofToken is useful for special situations where it is necessary for non-interactive software to authenticate to the MLS. Some GE Security lockbox users may wish to use their existing lockbox keys as a SAFEMLS authenticator.
Back to SAFEMLS main page
|
