Skip to main content

The WiKID Blog

Viewing posts tagged Transaction Authentication

NIST deprecates SMS as an out-of-band authentication method

When we started WiKID, we looked at using SMS to deliver one-time passcodes.  We chose not to for the simple reason that there was no way we could control the encryption and thus demonstrate the security of our solution to customers.  There wasn't any data about the possible risks or probabilities of failures (except for reliability/delivery percentages)   We looked to basic security design principles and best practices when we developed WiKID.  Could we control the encryption?  Could we generate the keys on the devices instead of using shared-secrets?  

debunking-two-factor-authentication-debunked-by

I'm always explaining what my company does to laymen and to some technical peoptle who look confused when I say that that WiKID does two-factor authentication. However, I am surprised that a security researcher and Trend Micro would not know what two-factor authentication is.

google-research-on-strong-authentication

Ben Laurie and Eric Sachs from Google's security team have published an article on the Usability of Stronger Authentication Options. This is a very interesting document and it's great to see the large internet players focus on security. Unfortunately, in their list of strong authentication methods they do not include software tokens, which seems to me to be a pretty big oversight. Of course, I'm a bit biased. Here are my thoughts on Ben & Eric's concerns:

kaspersky-labs-update-on-bank-attacks

Hat tip: Securology.

authentication-article-on-searchsoftwarequality

I forgot to mention that I have an article up on SearchSoftwareQuality: Stronger authentication needed for Web applications. Here's the gist:

In this article we consider three authentication processes in a typical complex Web application that requires security, such as online banking or brokerage transactions:

Recent Posts

Archive

2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom