Posted by:
admin
15 years, 4 months ago
The Infoseccynic recently posted on Twitter:
passwords are dead.... what's the next good authentication mechanism?
Not sure if he means next best, or the next sequentially, but either way we think the answer is WiKID. Why do we think it is WiKID and why do we think you and the Infoseccynic should join our cause? What is our cause?
First, our cause: Our evil plan is to offer low-cost/free GPL & LGPL software and libraries to make two-factor authentication as easy and as simple as static passwords.
Why should you join the WiKID cause?
First, our server and software tokens come in GPL versions and our network client API bundles come in LGPL, so they can be included in commercial software. One customer/VAR didn't like our use of Java on the token, so they rewrote it in Python. They wanted a better command-line experience. We even offer a pay-what-you-want option for home users of our commercial version, if you've really got to have an iPhone token.
Second, we have also done a whole lot of documentation on how to add two-factor authentication to various remote access solutions. Most of these involve the use of standard protocols such as RADIUS, TACACS+ and LDAP, so they are applicable to many solutions.
Third, we have continued to add functionality such as support for Google SSO/SAML and a free OpenID service.
Fourth, WiKID is highly extensible. Because we use public keys instead of shared secrets, we can do a lot more, such as mutual authentication and transaction authentication. The WiKID software token can be used across multiple WiKID servers without a reduction in security. That multi-domain capability is like having federation on the token. Moreover, each user can have more than one token without a reduction in security. So, more than likely, WiKID can grow to meet the threats of the future.
Finally, I think we're a pretty decent company. We don't send any unsolicited commercial emails, we sponsor things like SecurityBsidesLV and we give back to the open source community.
And lastly, a call to arms:
Information security professionals, what are you doing for authentication? Are you using f*ck.mysql as your MySQL password? I understand that 'it's only the website' or the one about the cobbler's son. I know it's hard. Even when it's quite simple, setting up two-factor authentication is not a revenue-generating activity. But information security specialists should practice what we preach. If you practice with WiKID, you contribute to solving the problem of static passwords in a real and tangible way. If you can't contribute code, make suggestions, find bugs, create documentation. Who knows, the data/face you save may be your own.