A bit of background: I work for a state government agency that does federal government transactions and as such a few years ago we were mandated to encrypt all machines that potentially held any kind of client data. There was little planning and no training, but we got SafeBoot up and running, and it's messy - dozens of calls every day about forgotten passwords (password only token). We just got a new IS director and I want to go to him with data showing that in the long run using a number generating token or USB token will save money over the man hours wasted talking people through recovery and resetting their password.
As of right now we're mixed - most of our XP machines are on SafeBoot (about 1000 machines) and all of our Win 7 machines are on ePO managed endpoint encryption.
What kind of cost, per seat, are we looking at for the most basic number generating keychain token or a simple USB token? Is it possible to have the number generator be the only authentication? (as I said, we tend to have lots of people forgetting their passwords). What are the pitfalls or gotchas I need to look out for? What companies have you had the best experience with? Does McAfee recommend one over the other?
thanks in advance.
You can't use a time token, because the system you're trying to authenticate to doesnt have network access to validate the response.
And a USB key still needs a PIN/Password, so you won't solve your forgotten password issue, and you'll add a forgotten token issue to the equation.
Do you have the same problem with Windows passwords? Did you ever try using the EEPC self recovery options? maybe that could reduce calls?