Seeds of doubt: What resellers need to know about 2FA token seed data


What is ‘seed data’ and why does it exist?

Seed data is the unique DNA that enables any form of two-factor authentication (2FA) to produce a unique passcode. It is a fundamental building block of any type of 2FA.

What should resellers know about seed records?

The way seed data is set up varies between vendors. Most vendors ‘pre-seed’ hardware tokens, meaning the seed is planted into a token before it leaves the factory. This flies in the face of the central tenet of security – compartmentalisation – as it means multiple entities have access to the data, increasing the risk of a breach. Only a handful of vendors allow end-users to seed the tokens themselves, which means that only the end-users and the authentication server hold seed data records.

Who is responsible for keeping the seed data secure?

Responsibility for the seed data lies with whoever holds the data – or copies of it. In pre-seeded tokens, copies will be held by the vendor, the end-user, the authentication server and potentially the reseller, too. This makes all of them responsible for the data. In self-seeding tokens, the responsibility is limited to the end-user and the authentication server – the only two entities that really need to have access to it.

What are the implications of such data being lost/breached?

Once someone has access to the seed data, they have the ability to recreate the token. From there, all they would have to do to gain unfettered access to an organisation’s network is get hold of an individual’s username and PIN. This is far easier to do than most people would ever suspect. The consequences can be tremendous for both the organisation being compromised and the reseller responsible for procuring the solution.
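Why every copy of a seed counts as a token, shown as an added example that is not from the original article or any vendor: it assumes a token implementing the open TOTP standard (RFC 6238), which the article does not name, and the function names are illustrative. The passcode is a pure function of the seed and the clock, so any record of the seed yields the code the authentication server accepts, while a self-generated seed exists only where it was created.

```python
import hashlib
import hmac
import secrets
import struct

STEP = 30  # seconds per passcode, the RFC 6238 default


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(seed: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from the clock."""
    return hotp(seed, unix_time // STEP, digits)


def self_seed(num_bytes: int = 20) -> bytes:
    """Self-seeding: the secret is generated on site, so no factory copy exists."""
    return secrets.token_bytes(num_bytes)


def verify(seed: bytes, submitted: str, unix_time: int, window: int = 1) -> bool:
    """Server-side check, tolerating +/- `window` steps of clock drift."""
    now = unix_time // STEP
    ok = False
    for counter in range(max(0, now - window), now + window + 1):
        # Constant-time comparison; keep looping so timing does not leak a match.
        ok |= hmac.compare_digest(hotp(seed, counter), submitted)
    return ok


if __name__ == "__main__":
    server_seed = self_seed()             # held by the authentication server
    token_seed = server_seed              # loaded into the end-user's token
    extra_copy = bytes(server_seed)       # any further record of the same seed
    t = 1_700_000_000                     # constructed timestamp
    print("token     :", totp(token_seed, t))
    print("extra copy:", totp(extra_copy, t))   # identical passcode
    print("accepted  :", verify(server_seed, totp(extra_copy, t), t))
    print("other seed:", verify(self_seed(), totp(token_seed, t), t))
```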

ITPro
