The WiKID Blog, musings on two-factor authentication, information security and some other stuff.
Software Tokens: Less expensive, easier to use.
Posted by: admin 13 years, 7 months ago
So it has been quite a while since my post about the Security of Software Tokens. In that post, I pointed out that using public key encryption eliminates the problem of securing the seed. There is no seed. I also pointed out that if you're concerned about malware, fight malware.
Living up to "Two-factor Authentication that doesn't suck"
Posted by: admin 13 years, 8 months ago
At the SecurityTwits Meetup during DefCon, James Arlen aka @myrcurial introduced me to someone as being from "WiKID Systems - two-factor authentication that doesn't suck". This is high praise. The first question was "What doesn't suck about WiKID?". While it was enough for James that we not be $3letterCompetitor, that's not enough for me. I've really been thinking about what it means to not suck.
Secure (?) Internet access for DefCon/BlackHat/BsidesLV
Posted by: admin 13 years, 9 months ago
Every year at DefCon there is a Wall of Sheep where the usernames and passwords for non-encrypted logins are posted and every year there are usernames and password on it.
iOS 4 struggles
Posted by: admin 13 years, 10 months ago
The iOS 4 upgrade for the iPhone breaks the WiKID token. We're looking into and hope to have something fixed shortly.
Javelin Strategy on Business Banking
Posted by: admin 13 years, 10 months ago
Read this post on "Business Bank Accounts: The missing features that no one is talking about" for a great summary of the missing features that online banking needs to provide a secure solution for their customers, including one-time passwords. I find this to be a little dis-heartening as I believe that online banking needs for more than the features on this list. We have often gone on about mutual https authentication and transaction authentication, but it turns out banks are a long way from providing these "advanced features". Perhaps I should be more positive: Think how easy it should be for a bank to increase their security.
Recent Posts
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
- WiKID Android tokens had their data deleted over the weekend by Google Chrome bug
Archive
2024
- January (1)
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)