Posted by:
admin
15 years, 11 months ago
You can now add comments to the blog, but you must first prove to me that you are a human by logging in using WiKID Strong Authentication. Interestingly, this is still anonymous, because I am using the Token Client Test domain, which requires no identification to configure (it was set up as a simple way to test the WiKID token clients). So, it is an anonymous two-factor authentication CAPTCHA of sorts.
As with many blogs, this blog has been subject to highly annoying spam attacks. My current blog software doesn't offer moderation. I set up mod_security to stop all the posts with viagra, porn, and other bad words, but it turns out that there are more bad words than I know about, which shows that I clearly didn't misspend enough of my youth or that I am too old to know what "retin" is.
I effectively turned off comments by requiring users to log in to the site, which uses Plone, a most excellent open source CMS. I have also disabled the join function on our site as I didn't want to create a membership site. So, no join, no login, no spam. Now, I allow anonymous users to post comments in Plone, but I block access to the comment entry form in Apache using mod_auth_xradius. I could have used the WiKID extranet domain and required a valid email address, but I wanted to allow fully anonymous postings.
So how does this compare to standard CAPTCHAs?
- It is available free of charge (our open source version)
- It requires that the user register their token
- It requires that the user enter the OTP
- It is anonymous
- I suspect it may be better for the vision-impaired
- It limits the scope of potential damage to a specific WiKID domain
I would also like to be able to process trackbacks using WiKID, but that will require some work. What I envision is that the trackback URL would have authentication information appended that Apache would process, such as: http://www.wikidsystems.com/WiKIDBlog/morepointlessblogrambling/trackback?username=nowen&domain=2222222222&otp=123456.
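A sketch of the check such a trackback front end would need, added here as an example and not code from this blog or from WiKID: it pulls the three parameters out of the URL, rejects missing, repeated or malformed values, and logs only the credential-free URL so the OTP stays out of the logs. The field formats, the function names and the `verify` callback (a stand-in for the RADIUS check) are assumptions.

```python
import re
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

# Assumed field formats, modelled on the example URL in the post.
FIELDS = {
    "username": re.compile(r"[A-Za-z0-9._-]{1,64}"),
    "domain": re.compile(r"\d{1,16}"),
    "otp": re.compile(r"\d{1,16}"),
}

def parse_trackback_auth(url):
    """Return (url_without_credentials, creds); creds is None if any field is
    missing, repeated or malformed."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    creds, valid = {}, True
    for name, pattern in FIELDS.items():
        values = query.pop(name, [])  # always strip, even when invalid
        if len(values) == 1 and pattern.fullmatch(values[0]):
            creds[name] = values[0]
        else:
            valid = False
    clean = urlunsplit(parts._replace(query=urlencode(query, doseq=True)))
    return clean, (creds if valid else None)

def authorize_trackback(url, verify, log):
    """verify(username, domain, otp) -> bool is a hypothetical stand-in for the
    RADIUS check; log receives only the credential-free URL."""
    clean, creds = parse_trackback_auth(url)
    allowed = creds is not None and bool(verify(**creds))
    log(f"trackback {'accepted' if allowed else 'rejected'}: {clean}")
    return allowed

if __name__ == "__main__":
    # Constructed demo: a stub verifier that accepts each OTP once only.
    used = set()
    def stub_verify(username, domain, otp):
        fresh = otp == "123456" and otp not in used
        used.add(otp)
        return fresh
    url = ("http://www.wikidsystems.com/WiKIDBlog/morepointlessblogrambling/"
           "trackback?username=nowen&domain=2222222222&otp=123456")
    print(authorize_trackback(url, stub_verify, print))  # first use
    print(authorize_trackback(url, stub_verify, print))  # replayed URL
```

Because the OTP is single-use, a replayed trackback URL is rejected by the verifier even though it parses cleanly.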
If you have any thoughts, please post a comment! Be sure to sign up for an anonymous two-factor authentication account so I know you're human.