Everyone knows I’m a big fan of two factor authentication. Why do I like two Factor Authentication so much?

The reason why 2 Factor Authentication works is because you need something physical that you own, and something only you would know that is normally memorized (and not written down on a piece of paper!).

If they steal your token, they still need your password. If someone tricks you in giving them your password, they still need that token to log in. Of course, having a corporate strong password policy helps too.

Now, Salesboom.com has just put out a press release saying they will end phishing attacks on CRM.

Salesboom is a hosted, web based, on demand CRM software and Back Office solutions are seamlessly integrated and easily deployed across your enterprise in real time, and at a much lower cost than traditional on-premise solutions and other lackluster on demand CRM vendors.

They are using a two factor authentication security approach which means an employee must insert a USB key into their computer before login. If the username and password entered match the “digital ID” then access is granted. This would have been helpful to salesforce.com when one of it’s employee’s was “tricked” into disclosing their password.

I’ve used these type of token in the past, such as EnTrust, but I prefer the RSA token where the password changes every 60 seconds. You have the first 4 numbers memorized, and you enter the 6 numbers on the token.

With Salesboom’s security you could give your password away and it’s still no good to any scammer out there. Salesboom says that the USB keys can not be duplicated and are encrypted.

This is very good news to hear, as something was needed to be done to help protect companies databases, especially service as a software (SaaS) or software on demand.

By the looks of things, 2008 should be a safer year for CRM vendors.