Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

BLOG: The CEO and his elusive token

Steve Watts | May 13, 2011
A tale of inadequacy, woe and career destruction – or is it? (Based on a real life story)

Arriving at the luxury lodge Paul plugs in his laptop and starts trying to 'hack' the system. It's futile as, without the authentication token, he can't get past the welcome screen to the veritable wealth of information that should be at his fingertips.

A call to reception confirms that there are computers in the bar, with Internet access, that he can use, though still not the answer to Paul's prayers.

While his wife and children are happy with the distraction, and the wine is very tasty, unfortunately without his authentication token, Paul can only access public systems and newswires to read what's happening back in London. Still locked out of the network, Paul's powerless to access the information he desperately needs to start changing what's happening.

The authentication security system, while obviously effective, had seemed pricey when the board had first authorised the budget five years ago and the ongoing costs aren't cheap either - Paul's nervous it's going to prove even more expensive than first calculated on a personal level!

Evasive action avoids capture

As Paul starts contemplating returning to London, a chance glance at the person sitting at a nearby computer offers his first glimmer of hope.

The screen looks very similar to his welcome screen and the man appears to be consulting his mobile while inputting the authentication code. A few seconds later and, while Paul can't read what's written on the screen, he can tell the man is busy perusing an excel file. A quick chat reveals that it is exactly what it appears - an alternative to physical two-factor authentication that uses virtual tokens.

Any phone that receives SMS messages, which Paul's and practically every mobile in the world does, can be used as an authentication token.

Time to turn predator

Paul wastes no time. As he calls IT to share what he's learnt, he starts researching the solution. According to the company's website, it can be installed within 24 hours and 18,000 users can be up and running in an hour - that beats the six months it took for the present system! The icing on the cake is, while resolving his current predicament, it also reduces the ongoing running costs of the physical tokens his company's using by almost 60 per cent, making it a no-brainer. A few phone calls later and the expense is rubber stamped by the rest of the board.

In no time at all, Paul receives a text, with his authentication code, and gets logged into the network. He's able to review and authorise the statement reassuring shareholders that the current board are on top of the situation and advising them to dismiss the offer. He sends various documents and contracts to his legal team, prepares financial statements and material to assure the bankers and even accesses and circulates the dossier he's compiled 'just in case' on Martin and S&E Plc.


Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.