SafeNet IDProve 110 6-digit OTP Token for Use with Amazon Web Services Only

I bought this over a year ago and it's been a champ! Still works great and was super easy to bind to my AWS account, I use it all the time to log in, zero issues.

The Gemalto Ezio token is quite similar to the RSA SecureID token which I think is more prevalent in the market. It does exactly one thing: Display a pseudo-random number that changes according to time. After the device is activated, it becomes impossible to login to AWS web interface without entering the number shown on the token. Activating the token with AWS is dead-simple, and its integration with the AWS authentication process is first-rate. The primary benefit of this device is that it provides a second-factor for authentication other than one's password. In other words, even if someone steals your AWS username and password, they still will not be able to access AWS web management functions without physical possession of the token. Since it's been proven time and again that SSL on its own does not a secure system make, this kind of extra protection is not a luxury but rather a necessity, and it's nice that Amazon finally provided such a solution. There are a few areas where the use of the token could be improved. * Only a single token can be linked to a single AWS account. This obviates a few usage scenarios for the device, which is a shame. * It would be nice if the use of the token would be extended to other parts of the Amazon network. Amazon Payments and the seller areas are obvious areas where this would be beneficial. I guess someone at Amazon decided this is not a consumer-oriented solution, which is odd because many banks and even PayPal use tokens such as this for authentication. * The token can only be used with Amazon. You can't sync it to any other AAA server. If you already have a Gemalto token that you carry around, you would not be able to consolidate it with the AWS token. If your business depends on AWS hosted infrastructure, the Ezio is something that you really must have. Think of it this way: How much money will you stand to lose if a malicious individual somehow manages to steals your login credentials? Probably more than the price of token plus shipping, right? Despite its current shortcomings (which will possibly be addressed by Amazon in the future), the Ezio token is an excellent solution that solves a real problem. If you manage any AWS service through the web, you'll definitely want to have one.

Small, light, cheap; there is no reason not to buy one of these if you have an AWS account. Google has similar security technologies, using things such as SMS messages, but this physical device is great as well. I had it shipped to Canada and taxes/duty/brokerage fees were all included in the small initial shipping fee -- great stuff! Setup with Amazon was quick, easy, and I feel SOOoo much better knowing that my account has an extra layer of security now. With trojans and keyloggers lurking in every corner these days, a temporal security system is just what I needed. It did not come with a lanyard though, so losing it could be easy if you don't take care. I bought a big neon lanyard for mine so I would never misplace it. The LCD screen is also kinda small and dim; I assume the battery life will last years because of this, but if you have bad vision or dim lighting, it might be a bit challenging to read the code off when needed. I got no idea what to do if I lose mine, as that scenario doesn't seem to be mentioned in plain sight, but I'll worry about that another day. Right now, I feel relieved. 5/5, since it's cheap and it works as expected. Too bad I can't use it for more of my other IT services though, as I can't find anyone else supporting it other than AWS. meh

The device stopped displaying a number when I press the button within a few months of owning it. I have tried to contact various parts of Gemalto. The departments I can get through to refuse to deal with the complaint as I have to go to the specific department I purchased it from. The specific webstore (contacted via [email protected]) does not respond to emails and their phone number goes through to voicemail to a mailbox that isn't accepting messages as it is full. The device itself is quite flimsy compared to other 2-factor devices I use. Buy with caution, if the device fails there does not appear to be any customer support.

I just got the electronic token generator from Gemalto. As their notes specify, this is a specialized device for Amazon Web Services (e.g., you can't use it with your GMail account). It seems like a good product. The only reason I didn't give it a five star review is the Amazon definition for five starts is "I love it". How in love can you be with an electronic token generator? But I certainly like it. Anyone who is developing a significant web application should be thinking about security from the start . Amazon Web Services also gives you tools for locking down your application (although it can be time consuming wading through their sometimes obscure documentation). One area of weakness is your AWS root account (e.g., the account you use to login to the AWS consoles). This account has absolute power over your application. Obviously this account has the power to delete your databases and remove all of your EC2 instances, crippling or destroying your application. If your application gets notice and starts collecting a user base, people will attempt to hack it. Two factor authentication makes your AWS root account unhackable. Only someone with your email address, your password and the token generator can log in to your account. Short of kidnapping, this is unlikely to happen. Two factor authentication removes a major security vulnerability. All for the cost of $13. Sure you could use the free Google App on your phone. Right now, phones are one of the items most targeted by thieves. Perhaps this will change as stolen phones are set up to be disabled. But if your phone is stolen, you will not be able to get into your AWS account until you can get support to reset it. So for me this token generator was a good choice.