Skip to main content

The WiKID Blog

The WiKID Blog, musings on two-factor authentication, information security and some other stuff.

NIST deprecates SMS as an out-of-band authentication method

When we started WiKID, we looked at using SMS to deliver one-time passcodes.  We chose not to for the simple reason that there was no way we could control the encryption and thus demonstrate the security of our solution to customers.  There wasn't any data about the possible risks or probabilities of failures (except for reliability/delivery percentages)   We looked to basic security design principles and best practices when we developed WiKID.  Could we control the encryption?  Could we generate the keys on the devices instead of using shared-secrets?  

Praetorian report on Top Attack Vectors points to two-factor auth for remote users and admins

The report from Praetorian is excellent. Download it.  Some pertinent (to us) bits:

How to add WiKID two-factor authentication to an Aruba Networks Via VPN solution

Check out this great video on how to add WiKID two-factor authentication to an HPE/Aruba Networks Via VPN:  https://www.youtube.com/watch?v=hcHXwND301U&feature=youtu.be

The convenience of multiple tokens per user

I think this tweet lamenting the state of two-factor authentication and online identity will be increasingly common:

Add two-factor authentication to any app that uses AD

We have primarily been promoting our new native AD two-factor authentication for use by Administrators looking to meet the latest PCI-DSS 3.2 requirements or thwart pass-the-hash attacks, however it is more powerful than that.

Recent Posts

Archive

2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom