Posted by:
admin
14 years, 4 months ago
So it has been quite a while since my post about the Security of Software Tokens. In that post, I pointed out that using public key encryption eliminates the problem of securing the seed. There is no seed. I also pointed out that if you're concerned about malware, fight malware.
I wanted to tackle a couple more misperceptions about two-factor authentication. I routinely see posts stating that two-factor authentication needs to be easier to use and less expensive, as this post does:
What’s really missing is a strong successor of passwords. There are many options, like various two factor authentication schemes, but none of them is as easily and cheaply implemented as passwords.
Note the wording here: "cheaply implemented". Certainly, historically it has been easier for a developer to implement usernames and passwords than, say, LDAP or RADIUS, but that is where the savings end. Maintaining passwords is incredibly expensive. In addition, we are increasingly seeing new web applications implement SAML or OAuth, allowing users to log in with their Facebook, Google or Twitter accounts. The benefit of getting new users to sign up outweighs the integration cost. Plus, Google, Twitter et al. have made it a lot easier for developers to integrate by providing simple APIs and sample code. (We use Google's sample code for the Google Apps for your Domain SAML plugin, for example.) WiKID has a very simple API and a number of open-source (LGPL) implementation packages for developers, in addition to RADIUS and LDAP support.
So, clearly, implementing two-factor authentication is getting easier for developers thanks to a number of APIs and packages. What about ease of use for end users? I think users are incredibly frustrated with passwords. We focus on ease of use by doing the little things, like copying the one-time password to the clipboard automatically, or opening the default browser to the URL after validating the SSL certificate on the user's behalf. If you don't like our token, you can write another one, just like Hurricane Labs did in Python.