Now that RSA cannot even be trusted, it might be time to look at alternative dual-factor authentication options. One that we have had success with at C12 is WrightCSS. WrightCSS is a member of the Citrix Partner program and its SMS2 offering has been designated as Citrix Ready.
The WrightCSS Admin GUI sets private PINs and lets you choose how passcodes are delivered: via SMS text messaging, email or OATHCalc.
We have not tested WrightCSS with physical tokens. If the OATHCalc option is enabled, the user can download and install a soft token application such as Google Authenticator on a smartphone. This product can be installed from the app store for an Android or iOS device. For BlackBerry smartphones, users can download the app from http://m.google.com/authenticator. Note that the BlackBerry version is a bit ‘rustic’ and we’ve found it to not refresh as well as the Android and iOS versions.
When choosing the OATHCalc option, a user can configure Google Authenticator by manually inputting the username and the Shared Secret (automatically generated by SMS2). Alternatively, after hitting Save Configuration, a QR code will appear. The QR code can be saved to the clipboard and emailed to the user, or, if the user is at the admin’s desk (or self-service is enabled), the user can hold the smartphone up to the screen and capture the QR code. Doing so will generate and insert the token into the Google Authenticator app automatically.
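To make the enrollment step above concrete, the following added example (not WrightCSS or SMS2 code) builds the kind of `otpauth://` URI a Google Authenticator QR code encodes, shows that the Shared Secret can be read straight back out of it, and derives and verifies the resulting codes. It assumes OATHCalc issues time-based codes with Google Authenticator's defaults (HMAC-SHA1, 6 digits, 30-second step); the `SMS2` issuer label, the user `jdoe` and the function names are hypothetical.

```python
import base64, hashlib, hmac, struct
from urllib.parse import parse_qs, quote, urlparse

# Assumption: time-based OATH codes with Google Authenticator's defaults
# (HMAC-SHA1, 6 digits, 30-second step). Issuer label and user are made up.
STEP, DIGITS = 30, 6

def provisioning_uri(username, secret_b32, issuer="SMS2"):
    """otpauth:// URI of the kind a Google Authenticator QR code encodes."""
    label = quote(f"{issuer}:{username}")
    return f"otpauth://totp/{label}?secret={secret_b32}&issuer={quote(issuer)}"

def secret_from_uri(uri):
    """The QR payload is not a one-way token: the secret reads straight out."""
    return parse_qs(urlparse(uri).query)["secret"][0]

def totp(secret_b32, unix_time):
    """RFC 6238: HOTP (RFC 4226) over the number of elapsed time steps."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", int(unix_time) // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret_b32, submitted, unix_time, window=1):
    """Server-side check; accepts +/- `window` steps to absorb clock drift."""
    return any(
        hmac.compare_digest(totp(secret_b32, unix_time + i * STEP), submitted)
        for i in range(-window, window + 1)
    )

if __name__ == "__main__":
    import time
    secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # RFC 6238 test key, not a real one
    uri = provisioning_uri("jdoe", secret)
    print(uri)
    print("secret recovered from QR payload:", secret_from_uri(uri))
    print("current code:", totp(secret, time.time()))
```

Because the secret is recoverable from the QR payload, a saved or emailed QR image needs the same handling as the Shared Secret itself.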
To date, we’ve found SMS2 to be a robust, cost-effective (licensing is FREE) dual-factor authentication solution. It isn’t specific to Citrix either, as it can work in conjunction with other applications that support RADIUS.