Posted by:
admin
14 years, 2 months ago
At the SecurityTwits Meetup during DefCon, James Arlen aka @myrcurial introduced me to someone as being from "WiKID Systems - two-factor authentication that doesn't suck". This is high praise. The first question was "What doesn't suck about WiKID?". While it was enough for James that we not be $3letterCompetitor, that's not enough for me. I've really been thinking about what it means to not suck.
I first responded by giving the key differentiating features: use of public key encryption instead of shared secrets; that each user can have more than one token without a reduction in security; that we can do mutual https authentication, etc. However, it quickly occurred to me that being good at something is not necessarily the same as not-sucking. So here are my thoughts on why WiKID does not suck:
First off, giving back. We've got an open source version. This is our way of giving back to the community and reducing the cost of two-factor authentication, drastically for certain users. Our mission is to reduce the usage of static passwords. Having an open-source version is part of that mission.
Openness is also key. If you want to see how our code works, have a look. I'm a bit disappointed that more people haven't looked, but some have and I really like that. The ones that do give us great, great feedback (and not sucking requires feedback). I know that students, teachers and researchers have used our software to learn and teach and that is awesome.
Responsiveness and flexibility are important non-sucking attributes as well. We try to be as responsive as possible to customer and prospect requests. When we haven't responded quickly it is usually because we are responding to something else we consider to be a higher priority. We have rarely "dropped the ball". We are not dogmatic either. If you want to do something in a way that works for your organization, then we'll help make it happen. If it's not the most secure way, but still a more secure way, that's progress in our book.
While not-sucking is a relative position and it helps to have sucky competitors, I just wanted everyone to know that we are actively trying to not suck.