Simple, really.
There are two factors: possession of the private key and knowledge
of the PIN. The private key is stored on the client. Our PC client, for
example, this key is in a password-protected PKS12 encrypted file. If
someone steals this file and brute-force attacks it and gets the
passcode, they are only half-way there.
They still need the PIN. The PIN is stored encrypted on the WiKID
server. Losing the private key is the equivalent of losing a hardware
token. You're only half-way there.
Typical software tokens store the PIN, the secret and the algorythm all in the client. Clearly this is not the way to do it.
-
SUPPORT & DOCS
-
-
-
-
-
-
-
-
-
-
-
-
-
FAQ
-
But we can't ask non-employees to run software on their PCs. What can we do about vendors?
-
Can I re-enable users after a certain amount of time?
-
Can I use WiKID for two-factor authentication for GDM/XDM/Gnome/KDE login?
-
Aren’t wireless networks and devices inherently insecure?
-
Can more than one passcode be valid at one time?
-
Can the WiKID Server and/or Token be embedded?
-
Can WiKID work across multiple enterprises without federation?
-
Do you also offer a hardware token?
-
Do you have packages for Debian, Ubuntu, BSD, etc?
-
How are users provisioned? How is initial validation handled?
-
How can a software token be as secure as a hardware token?
-
How can I auto-archive the logs?
-
How can I configure WiKID to start automatically.
-
How can I restart the server without being asked for the passphrase?
-
How can I update the WiKID server when it is not on the Internet?
-
How do I set up Mutual HTTPS Authentication?
-
How does WiKID enable Active Directory password resets?
-
How does WiKID work with Active Directory?
-
How scalable is the WiKID server?
-
I forgot the passphrase to my software token? How do I start over?
-
I have lost the passphrase for my token. Can I get it back?
-
On what platforms/OSs/ devices will the WiKID client run?
-
What are WiKID "Domains"?
-
What do I do when my wireless device is out of network coverage and I want to login with my WiKID credentials?
-
What is the base architecture of WiKID Authentication?
-
What networking Protocols are supported by WiKID?
-
What's the difference between the Community release and Enterprise release?
-
When do I need a commercial license?
-
Why did you release an open source version?
-
Will the WiKID token run on a USB Token?
-
Will WiKID Strong Authentication work in my network?
-
How can I install Oracle JDK 8 from the command line?
-
But we can't ask non-employees to run software on their PCs. What can we do about vendors?
-
-
-
