Scorpion Software's AuthAnvil will change your perception of two-factor authentication products and improve the security of your authentication process without breaking your budget. AuthAnvil is highly recommended.

Two-factor authentication is a popular option for increasing the security of remote access and access to internal applications. Two-factor authentication improves security by using not only something you know (e.g., a PIN, a password) but also something you have (e.g., a smart card).


PROS: Easy to configure and use; high-quality security tokens; great technical support; is less expensive than other solutions, yet doesn't sacrifice quality

CONS: Initial installation process wasn’t completely flawless

RATING: 4 out of 5

PRICE:$75 per $50 annual subscription per token

RECOMMENDATION: Highly recommended for anyone looking for a two-factor authentication solution.

CONTACT: Scorpion Software • 604-824-9001 or 888-407-4285 •

Many organizations that are interested in two-factor authentication don't pursue it after discovering that such solutions are typically expensive and require considerable time to integrate the software with existing systems. Scorpion Software’s AuthAnvil tackles both of these problems head-on.

AuthAnvil is a key chain token that displays a unique eight-digit alphanumeric passcode for about 30 seconds whenever the user presses a button on the token. When the user enters the passcode combined with a PIN, the resulting code and username is passed to the AuthAnvil server software by way of an authentication agent.

AuthAnvil is sold in reasonably priced packages of five tokens. The tokens are CRYPTOCard's model KT-1, a beefy metal token that holds up to abuse and is easy to use—and more importantly, easy to read.

Installation of the AuthAnvil software is straightforward. You download AuthAnvil's Strong Authentication Server software and agents over the web. Strong Authentication Server provides a web interface for user management. Agents provide logon via the interface shown in Figure 1 (below) to Windows desktops and servers (including terminal servers); Remote Authentication Dial-In User Service (RADIUS) client authentication, such as from VPN endpoints and wireless access points; and web logon for Microsoft Internet Information Services websites and virtual directories. An agent to protect Windows Small Business Server's Remote Web Workspace feature is available for an additional fee.

I tested both the Windows logon agent and the RADIUS agent. Both agents were easy to install and even easier to use. However, my initial installation of the authentication server itself produced a Visual C++ runtime error. I contacted Scorpion Software via the live chat support option on the company website and reached an engineer who had seen the problem before and resolved it within minutes. Although the cause wasn’t entirely clear, an uninstall and reinstall of the product resolved the error.

The real test came with a group of users, however. After receiving tokens and a description of what they would see upon attempting to log on to a terminal server, not one user had difficulty authenticating. Likewise, security managers were comfortable with the solution and pleased to have two-factor authentication that didn't break their budget.

Give AuthAnvil a look; it will change your perception of two-factor authentication products and make you more secure as well. I highly recommend it.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.