Posted by:
admin
15 years, 11 months ago
I think awareness of the 'key chain' issue is increasing, which makes me happy. First, there was a post on ask.slashdot about carrying around multiple tokens and today, there was a post on the PingIdentity blog entitled Overcoming Keychain Issues with Strong Auth. He lists four possible solutions to the problem: 1. Centralized Token Service - Local authentication for username/password and a centralized service for token validation.
2. Distributed Validation System - Same as above but use a TLS (Token Lookup Service) or a cached list to find a provider to validate the token.
3. Credential Wallet System – Use a phone and has a soft cred/otp manager to get a token. Each enterprise maintains their own otp validation server.
4. Federated Identity Model – Standard IdP/SP trust model. However, identities (and not just OTP) have to be shared.
This awareness is good for us because WiKID will work under all of the scenarios listed (and is essentially a #3 though we also have a PC client). It can work in a federated model or each enterprise can have their own authentication server. Because the token uses public key crpytography, there is no reduction in security when you create relations with multiple authentication servers. Share on Twitter Share on Facebook
Recent Posts
- Blast-RADIUS attack
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
Archive
2024
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)