Skip to main content

There are many flavors of two-factor authentication, some more secure than others. We believe that relative security is a central factor in choosing a strong authentication solution. While cost savings, extensibility and manageability are important, a two-factor authentication system must provide the level of security your assets and risks require.

Two-factor

The combination of knowledge of the PIN and possession of the WiKID Two-factor client is very strong

Passcodes random

There is no way to predict the passcodes or to brute-force attack the server

Only one passcode valid at any moment

Passcode lifetime can be set per domain by the administrator, which can't be done with a time-synchronous system.

Eliminates shoulder surfing, keyboard sniffers, Trojans

Passcode is only used once.

PINs and passcodes never sent over network together

In some two-factor authentication systems, the PIN is sent with the passcode, which increases the risk of PIN compromise. With WiKID, the PIN and passcode are never transmitted together and are always asymmetrically encrypted.

Published algorithm

WiKID Strong Authentication uses only published algorithms, increasing the security of the system through the peer-review process.

Risk from loss

A user is more likely to keep a wireless device separate from the laptop, decreasing the risk of combined loss. Key fob tokens are often kept with laptop. A lost or stolen token is a nuisance. A lost cell phone is a financial risk for the user, aligning incentives.

No password file for attackers to target

Password files are the gold mine for attackers. WiKID Strong Authentication removes that target.

PIN stored on server

There is no way to brute-force attack the PIN as it is stored safely on the WiKID Strong Authentication Server. Certificates protected by passwords are subject to cloning and brute-force attacks on the password.

Domain Security Options

Maximum bad PIN attempts
Maximum bad passcode attempts
Maximum consecutive challenge-response logins
PIN length configurable
Passcode lifetime

Cross-enterprise security

There is no reduction in security when multiple two-factor domains are created making cross-enterprise strong authentication viable for the first time. This capability fits well with Single Sign-On efforts such as Liberty Alliance.

Logging

Complete logging and reporting. Integration via Syslog is available.


 

Copyright © WiKID Systems, Inc. 2017 | Two-factor Authentication