The company said technology currently in pre-beta will allow users of SecurID two-factor authentication tokens to replace the Windows login on their PCs with SecurID logins, further reducing the number of passwords to be remembered.

Also, for the first time, users will be able to use SecurID to log in to their machines while not connected to the network and the RSA ACE/Server, the server side component that generates one-time passwords that match the ones the SecurID tokens create.

It will do this by letting the Windows machine download and cache, encrypted, all the passwords that could be needed during a set period. The SecurID algorithm generates a password every minute using the time of day and a unique seed number.

Bill McQuaide, senior VP of RSA’s enterprise solutions group, said this will make SecurID simpler to use. Security that is complex to use won’t be used. The reason SecurID has become so dominant is because it is so easy to use.

RSA owns well over half of the token market. Struggling rival ActivCard Corp puts RSA’s market share outside of financial services at about 80%. But recent moves by new rival VeriSign are aimed at eroding that share.

On Monday, VeriSign introduced the Open Authentication Reference Architecture, which it abbreviates to OATH, and said it will start selling authentication tokens later this year to drive adoption of the architecture.

OATH will attempt to create standards in password generation and credential provisioning, in order to make it easier for companies to buy their software and tokens from a variety of vendors, rather than sole sourcing.

RSA is thought to be an unlikely adopter of OATH. SecurID and related software accounts for approximately 80% of the company’s revenue. Much of RSA’s recurring revenue comes from tokens, which must be replaced every three to five years.

McQuaide said that RSA is generally a strong supporter and driver of industry standards. The company will watch the OATH initiative carefully before deciding what, if anything, to do about it.

Stepping up this brewing battle, VeriSign CEO Stratton Sclavos yesterday used his RSA Conference keynote to plug a similar integration deal it has signed with Microsoft relating to its new token authentication business.

VeriSign said that its Windows authentication system will be based on the OATH architecture, and will use VeriSign’s tokens and new hosted authentication services, in place of a local network authentication server.

Both companies expect their respective systems to beta-test during the second quarter of the year, and to be released at some point during the third quarter.

This article is based on material originally published by ComputerWire