Fewer passwords but still secure! That would be a better world, wouldn't it?
Working for a large security-conscious corporation (Intel), I have been frustrated having to reenter my VPN password every time I got dropped by my home cable network or from a conference or hotel's overburdened network. Each time I would lose my train of thought, as I had to shift gears to remember and type in that additional password. And it turns out, Intel's IT department spends a fair amount of money each year handling all the forgotten password/password reset calls, especially given some employees only use the VPN password during occasional travel.
So it really was an improvement for both sides when Intel determined that my access was just as secure without requiring I type in a VPN password on each connection request.
So how is it possible that, in this age of increasing multifactor authentication, I would no longer need to type in that password? You're guessing I now have to carry a hardware dongle or a smartcard and reader, aren't you?
But no additional hardware for me to have to remember! My Intel® vPro™ technology laptop provides a hardware root of trust in its firmware, and this Intel® Identity Protection Technology (Intel® IPT) has a hidden workspace and an encryption key that is never visible to the OS (or, more importantly, never visible to malware). So my system can not only create and encrypt a PKI certificate without additional hardware, but that certificate is of no value on any other system (so no value in hijacking). Note: if you are using software-based PKI, hijacking is a major concern.
It is important to note that this is just one level of a multi-level identity/authentication scheme. We already have hard drive encryption and Windows* logon to prove I own access to this system. Hence another password does not prove anything new. But my machine's hardware root of trust PKI credentials prove a lot to Intel IT and were deemed to provide sufficient security to remove this additional password requirement. So no matter how many times my home or hotel network connection drops, or my system times out, it doesn't take me any more effort to get on the network than what I've already done to get back into Windows.
End results: Nothing extra to carry around or hook up, no certificate hijacking risk, and no more calls to IT about that additional password. That's one step towards a better work world for me!
Reference: Click here to read what Cisco's Russell Rice had to say about No Password VPN with Intel IPT with PKI
Implementation Notes: Intel® Identity Protection Technology with PKI does not require Intel® vPro™ technology activation, but does require a business PC using 3rd generation and higher Intel® Core™ vPro™ processors or an Intel® Atom™ Processor Z3700 Series in a business tablet running 64-bit Windows 8* (DT mode). Client software is provided by the Intel® IPT with PKI client software, and the enterprise server should be a Microsoft or security ISV's Certificate Authority (including Symantec* Managed PKI*). Contact your Intel representative for more information.