Skip to main content

The WiKID Blog

Viewing posts by admin

Notes on Twitter's two-factor authentication

Welcome to club.

We're glad to see Twitter moving away from SMS, which has numerous defects to an authentication system that uses public key cryptography. Since WiKID was founded over 10 years ago, we have believed that asymmetric encryption is the best way to do authentication in the connected world.

SMS, Trojans and Two-factor authentication

I've often said that SMS is a weak basis for two-factor authentication.  It is unencrypted and unreliable. It is too easy to take over someone's account.  I was reminded of it today by this puff piece on American Banker - an ad for RSA's anti-trojan services.  Obviously, RSA sells anti-trojan services and two-factor authentication.  We sell two-factor authentication as well, but not SMS-based.  (We use software tokens that use asymmetric (public/private) keys.)

HTML5 Token

For the record, our open-source HTML5 token was released in 2010 and is available on our sourceforge site: http://sourceforge.net/projects/wikid-twofactor/files/HTML5_Token_Client/.

SSH key management a potential risk

We've long said that while we love SSH, SSH key management is a weak point, especially if you need to meet compliance requirements such as PCI.  Now Charles Kolodgy of IDC is saying the same thing:

Reporting via our API

Reporting is a fact of life. And to be honest, good reporting is good for security. In this post, we will take a look at the reports you can generate via the wAuth API to help monitor and manage your two-factor authentication installation.

Recent Posts

Archive

2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom