Tricipher Survey Reveals the Need For Strong Authentication Systems That Better Address

SAN MATEO, Calif. July 27, 2005 – TriCipher, Inc., the innovators of strong authentication for the real world, today announced survey results that provide insights into the challenges enterprises face in implementing and using secure authentication — and desired solutions for meeting these challenges. IT executives from some of the world’s largest corporations completed the TriCipher-sponsored survey. Survey respondents acknowledged major challenges including authenticating remote users, a rise in phishing attacks on employees, and users writing down passwords. However, despite a clear understanding of the challenges, they also noted the barriers preventing them from moving to stronger authentication. Major barriers reported in the survey included user adoption, cost and difficulty managing and integrating multiple solutions.

“The implementation challenges with strong authentication stems from the fact that most systems aren’t designed to take into account the needs of different groups of users, or different processes across divisions,” said Bob West, President of Echelon One, a leading information security consultancy and former CISO of Fifth Third Bank. “As a result, organizations delay the implementation of strong authentication, increasing the risk of a successful attack.”

Recent findings by the Financial Services Industry Practices of the member firms of Deloitte Touche Tohmatsu (DTT) validate this premise. According to DTT, one of the key trends emerging in 2005 is the shift from attacks on technology systems to those that rely on user behavior. This underscores the significant role the user plays in maintaining enterprise security, and the importance of implementing information security systems designed for real people to use.

TriCipher Strong Authentication Survey Highlights
The survey was designed to uncover key trends and current enterprise pain associated with strong authentication and addressed a range of issues regarding strong authentication and its inherent risks and challenges. Key findings include:
◦ 68 percent of survey respondents identified the biggest business risk associated with authentication security failures as reputational loss and rising costs associated with downtime and IT administration.
◦ 54 percent of respondents reported their employees had been phished versus 32 percent of their customers.
◦ 44 percent of respondents named password related vulnerabilities as their biggest authentication threat.
◦ 50 percent of survey participants identified remote users as the major authentication issue they are facing today.
◦ 56 percent stated their existing strong authentication system was too hard to use, manage, or integrate with other systems.
◦ 48 percent of respondents surveyed named cost as the biggest barrier to implementing strong authentication.

The survey also revealed that the ability to effectively manage strong authentication is a key issue. Fifty-six percent stated their existing authentication system was too hard to use, manage, or integrate with other systems.

“The results of this survey clearly substantiates the need for strong authentication is greater then ever, but there are serious challenges with current systems — especially around their complexity, which inhibits end-user adoption, and makes them incredibly difficult to manage,” said Ravi Ganesan, CEO, TriCipher. “By splitting the credential, eliminating back-end password files, and leveraging existing infrastructure, TriCipher provides a way to implement strong authentication that is easy for users to adopt because it eliminates the need for complex password policies, and is also extremely affordable and easy to manage.”


The TriCipher Armored Credential Systemâ„? (TACS) provides strong security with ease of use and management. The system is based on two key innovations:
1 Multi-part credentials — One part is stored on the TACS Appliance at the data center and the user keeps the other. Since the user doesn’t have the whole credential, an attacker can’t steal it from them.
2 Flexible factors – A variety of factors can be used to derive the part of the credential kept by the user. Options include the password, a key stored on the PC, and/or any portable device such as smartcards, USB memory sticks, or One Time Password tokens. If desired, multiple factors can be applied. This creates unprecedented flexibility in creating different authentication levels to match application, data or user risk while significantly reducing phishing threats and the need for complex password rules. It also provides a growth path for enterprises to migrate users to stronger authentication as attacks change over time.

The results of the “Strong Authentication Challenges and Trends Survey” can be viewed at http://tricipher.com/news/surveys/.

About TriCipher, Inc.

TriCipher, Inc. provides strong authentication for the real world. The first authentication system that issues multiple types of credentials from a single infrastructure, the TriCipher Armored Credential Systemâ„? (TACS) allows for authentication strength to change in response to new threats without any infrastructure changes. Our patented technology fills the gap between authentication systems that are either not secure enough or too hard to use and deploy. TriCipher’s innovative approach to strong multi-factor authentication protects against phishing and eliminates dictionary attacks. Founded in 2000, TriCipher is headquartered in San Mateo, California. The Company was incubated as NSD Security before launching as a separate entity in 2005. Investors in TriCipher are ArrowPath Venture Capital, Intel® Capital, Trident Capital and Wasatch Venture Partners. For more information, please visit www.tricipher.com or email info@tricipher.com.