The WiKID Blog, musings on two-factor authentication, information security and some other stuff.
Can more than one passcode be valid at one time?
Posted by: root 16 years, 4 months ago
No. Only one passcode can be valid at one time. Most time-synchronous token solutions allow more than one passcode to be valid at one time so that the login window is long enough or to account for clock drift. With only a 6 digit passcode, this can reduce security.
What do I do when my wireless device is out of network coverage and I want to login with my WiKID credentials?
Posted by: root 16 years, 4 months ago
The WiKID System falls back to a
challenge-response mechanism, which is part of the Radius standard.
After the user enters their PIN, if the device is out of wireless
network coverage, the WiKID Two-factor Client will prompt the user for
a Challenge.
If the user is logging in to a VPN service, for example, the user
enters their username, but leaves the passcode box empty. The VPN
service responds with the Challenge, which the user enters into the
WiKID client.
The challenge is encrypted with the user’s PIN and an
offline-challenge secret and presented to the user Base-62 encoded (to
keep the length manageable). The user enters this response for a
passcode. The VPN service sends the Username, the Challenge and the
Response to the WiKID server. If the WiKID Server can decrypt the
Response can get the Challenge, the user is granted access.
How scalable is the WiKID server?
Posted by: root 16 years, 4 months ago
Very. We have tested the WiKID server running on a low-end 1.4 ghz server with 256 meg of ram and IDE drive and have documented 50 transactions per second. The WiKID Server is a software appliance available as an ISO or a VMWare image that you put on your hardware platform of choice, so the scalability will depend on the hardware you choose.
Can WiKID work across multiple enterprises without federation?
Posted by: root 16 years, 4 months ago
Yes. Unlike most two-factor authentication systems, WiKID uses public key crypotgraphy instead of shared secrets. This means that a single WiKID token can support an unlimited number of relationships with WiKID servers without a reduction in security.
Why did you release an open source version?
Posted by: root 16 years, 4 months ago
We want people to use our software.
We benefit from feedback from users whether they pay or not.
We want to partner, not just with proprietary software developers,
but also open source projects and other 'dual source' companies.
We hope that evaluators will actually look at the code for
weaknesses and help us make the product better. It ain't fixed until
you've broken it.
We use open source software everyday and wanted to give something back.
Recent Posts
- Blast-RADIUS attack
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
Archive
2024
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)