Viewing posts tagged Transaction Authentication
NIST deprecates SMS as an out-of-band authentication method
Posted by: root 8 years, 2 months ago
When we started WiKID, we looked at using SMS to deliver one-time passcodes. We chose not to for the simple reason that there was no way we could control the encryption and thus demonstrate the security of our solution to customers. There wasn't any data about the possible risks or probabilities of failures (except for reliability/delivery percentages) We looked to basic security design principles and best practices when we developed WiKID. Could we control the encryption? Could we generate the keys on the devices instead of using shared-secrets?
debunking-two-factor-authentication-debunked-by
Posted by: admin 15 years, 9 months ago
I'm always explaining what my company does to laymen and to some technical peoptle who look confused when I say that that WiKID does two-factor authentication. However, I am surprised that a security researcher and Trend Micro would not know what two-factor authentication is.
google-research-on-strong-authentication
Posted by: admin 15 years, 9 months ago
Ben Laurie and Eric Sachs from Google's security team have published an article on the Usability of Stronger Authentication Options. This is a very interesting document and it's great to see the large internet players focus on security. Unfortunately, in their list of strong authentication methods they do not include software tokens, which seems to me to be a pretty big oversight. Of course, I'm a bit biased. Here are my thoughts on Ben & Eric's concerns:
kaspersky-labs-update-on-bank-attacks
Posted by: admin 15 years, 9 months ago
Hat tip: Securology.
authentication-article-on-searchsoftwarequality
Posted by: admin 15 years, 9 months ago
I forgot to mention that I have an article up on SearchSoftwareQuality: Stronger authentication needed for Web applications. Here's the gist:
In this article we consider three authentication processes in a typical complex Web application that requires security, such as online banking or brokerage transactions:
Recent Posts
- Blast-RADIUS attack
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
Archive
2024
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)