Posted by:
admin
11 years, 9 months ago
WiKID is pleased to announce the release of a two-factor authentication module for Drupal.
I'm personally really happy about the feedback we've already gotten and the questions posed. It clearly shows the issues software projects face regarding implementation of two-factor authentication. In reality, it is implementation of authentication. Clearly, the days of storing username and password in the CMS database are (hopefully) over. So what should they look like now? In my opinion, they should handle the session, be pluggable and provide lots of logging.
By 'handle session' I mean that if the authentication is successful, everything else should work. It should not matter what form of authentication is performed, and you should not need to create a new account or, if you have to, it should be as simple as possible.
By pluggable, I mean that it should handle really any type of authentication via a simple process. Linux PAM is a good example, as is Plone. Plone provides a super simple example that you can copy (as I did).
Sadly, logging is where many fall down. Plone's authentication system totally eats any feedback. This makes it very hard to determine where the issue is. Organizations with two-factor authentication typically have three or more nodes: the client (the CMS or VPN), a RADIUS server (ACS, NPS, FreeRADIUS), a directory (LDAP, NPS) and a two-factor authentication server (WiKID, of course). If one of these nodes isn't logging properly, it just makes it that much more difficult to troubleshoot.
So, the inevitable question for us: Why didn't you use or develop a pluggable auth module for Drupal? Because our API does so much more than just authenticate. Indeed, most of the API was developed for user management in a multi-tier, multi-tenant environment. You can register tokens, add tokens to existing users, re-enable users, list users by domains, delete tokens, delete users, etc., all on a per-network-client basis.
If you use Drupal for any Enterprise-oriented software projects that require some extra security, please give our module a whirl.