Products and Solutions

SecurID and the Evolution of Identity: A Brief History

Jun 16, 2021 | by SecurID Blog |
Person using a laptop and phone

SecurID has been at the center of the evolution of identity and access management (IAM) for more than 30 years, from the time the name first appeared on a hardware token to its current association with every method of multi-factor authentication (MFA). Today, thousands of organizations count on SecurID not just for authentication, but also for all the modern identity management capabilities they need to thrive in the digital world.

This is the story of what has transpired along the way to make identity the bedrock of all security—and SecurID the trusted identity platform.

But first: Back to the 1960s for some pre-history context

Identity began to emerge as a fundamental component of information security in the 1960s, when passwords became the means through which a person could prove their identity, authenticate to a computer and gain access to the data stored there.

It quickly became clear, though, that a password proved little about a person’s actual identity, given that anyone holding that password, legitimately or not, could use it. From there, the history of authentication continued with the development of secure password storage and public-key cryptography in the 1970s. Then in the 1980s came one-time passwords—the authentication mechanism of many forms of both token-based and tokenless authentication. It is against this backdrop that the history of SecurID unfolds.

1990-2005: From tokens to tokenless strong authentication

In 1990, tokens became the first identity security technology to be branded as SecurID, but they were by no means the last. Ten years later, SecurID—as part of RSA Security—was well-established as a brand of authenticators; by 2005, it had expanded to include a range of form factors, with several types of hardware tokens, as well as software tokens that could be installed on the PCs, handheld devices and mobile phones of the day. Around that same time, SecurID also introduced capabilities for strong authentication without having to issue physical tokens. This opened the door to a variety of MFA capabilities and lay the foundation for tokenless strong authentication on-premises or in the cloud.

2006-2015: Entering a new era in identity security

Midway through the first decade of a new century, SecurID was continuing to evolve to better enable identity security in technology environments that were becoming more complex and more vulnerable to credential-based cyber attacks, in which bad actors would use stolen passwords to impersonate legitimate users to gain access to secured resources. During this time, the broad capabilities that had been established since 1990 enabled SecurID to provide organizations with more choices—from token-based to tokenless authentication, for environments from ground to cloud. The idea of offering choices to match different business needs, and to make authentication convenient for different kinds of users, remains a guiding principle for SecurID today. By 2014, SecurID was providing even more resources for modern IAM, adding new capabilities in identity governance and mobile MFA, as well as building on foundational capabilities in areas like cloud-based identity management and single sign-on (SSO).  

2016-2020: Opportunity and challenge in a tumultuous time

Even as 2016 brought corporate changes for SecurID, our team continued to focus on advancing the technology and shaping the future of IAM. From 2017-2019, SecurID announced major enhancements, including a cloud-based authentication-as-a-service option for customers moving toward a SaaS model; expanded interoperability through certified integrations with a growing number of third-party technology providers; and a FIDO2-enabled solution incorporating the FIDO2 open standard that supports passwordless authentication.

In February 2020 came the announcement that RSA would become independent of Dell, news that would soon be eclipsed by a global pandemic of unprecedented scope and impact. The coronavirus’ effects on most organizations have been nothing short of transformative. COVID-19 dramatically altered how organizations everywhere conduct business, as lockdowns resulted in the percentage of remote workers nearly tripling.

By early spring, organizations everywhere were shifting to fully remote operations, creating an urgent need to enable the remote workforce to connect securely from home. SecurID was there to answer the call—and to continue to provide guidance to organizations through the transition to the hybrid workforce of the future.

For organizations that can adapt to these trends strategically, the new work-from-anywhere dynamic introduces major advantages, including enhanced productivity, the ability to recruit from anywhere and dramatically reduced real estate expenses. Many organizations are already making that shift: in a January 2021 PWC survey, 83% of employers reported that the shift to remote work has been successful for their companies—compared to 73% in June 2021. The same study also found that fewer than one in five executives wanted to return to offices as they were pre-pandemic.

2021 and beyond: The trusted identity platform

Today, as the digital world moves through the post-pandemic phase, and SecurID establishes an independent brand identity for the first time in its history, identity security is front and center. As the first line of defense against cyber attacks and data breaches, identity today underlies every important aspect of securing the digital enterprise. SecurID will continue to be on that front line, as the trusted identity platform for organizations that are embracing new digital opportunities and confronting the identity challenges those opportunities bring. 

SecurID: A History of Innovation
1990   

SecurID-branded hardware tokens

1998   

Single Sign-on (SSO)

2001   

Smart cards

2005   

Multiple hard and soft token form factors

2006   

Tokenless strong authentication

2014   

Identity and access governance (IGA)

Mobile multi-factor authentication

2017   

Cloud-based authentication-as-a-service

Advanced dynamic risk-scoring functionality

Expanded interoperability (Palo Alto Networks, VMWare, Microsoft, CyberArk)

2019   

FIDO2-enabled authentication

2018   

Advanced analytics to expedite access reviews

2020   

Cloud-first single platform for identity and access management

2021   

Cloud-based governance & lifecycle management as-a-service