How can a software token be as secure as a hardware token?
This FAQ applies to: WiKID Strong Authentication Server Enterprise Edition, WiKID Strong Authentication Server Community Edition, All Software Tokens
Simple, really.
There are two factors: possession of the private key and knowledge
of the PIN. The private key is stored on the client. In our PC client,
for example, this key is in a password-protected PKCS12 encrypted file.
If someone steals this file, brute-force attacks it and gets the
passcode, they are only half-way there.
They still need the PIN. The PIN is stored encrypted on the WiKID
server. Losing the private key is the equivalent of losing a hardware
token. You're only half-way there.
Typical software tokens store the PIN, the secret and the algorithm all in the client. Clearly this is not the way to do it.

