The WiKID Blog, musings on two-factor authentication, information security and some other stuff.
J.P. Morgan caused by lack of two-factor authentication on one server
Posted by: admin 9 years, 9 months ago
This story is interesting because it shows that two-factor authentication would have (most likely) worked to prevent this devastating attack. However, it also shows how hard it is for large organizations to actually implement security controls, especially given the use of third parties and growing through acquisitions.
Tough times for Retailers
Posted by: admin 9 years, 10 months ago
Here's a few things for the security teams at retailers to consider:
The death of SaaS? Bringing software back.
Posted by: admin 9 years, 10 months ago
So, it used to be common knowledge, some time after I suffered through setting up data centers in co-location facilities but before I was selling security software/virtual appliances, that 'software was dead'. Well, I'm of the opinion that software (and PaaS) are bringing software back.
People liked SaaS because it meant that they didn't have to buy or manage hardware, it was reliable and if you had internet, available everywhere. These SaaS players and consumer sites like Etsy and Netflix led the move to Dev-ops and idempotent infrastructure, creating reliable infrastructure and agile operations. They pushed infrastructure as code as I have seen in packer.io, a program that allows you to build idempotent virtual machines for your virtual platform of choice or PaaS vendor.
Free two-factor authentication from WiKID
Posted by: admin 9 years, 11 months ago
Today we announced our 4.0 release of the WiKID Strong Authentication server. This release includes a much easier way to configure your WiKID server. You can edit a sample configuration file with all your WiKID server and network information and use it to build your server in one step. The configuration file contains about 15 pieces of basic information about your network and certificate information. We've also released a certificate management system that better manages licensing. It allows companies to manage their user base much more easily. We have found that companies are increasing the ways they use two-factor authentication and increasing the number of users over time.
The big news is you can now use the Enterprise version of WiKID free for up to 5 users. We've had the WiKID Community version free as in speach for some time, but the encryption libraries we use for the smart phone tokens and the RADIUS server plugin are licensed and could not be released. There are a number of smaller companies, non-profits and security-minded home-network sys admins that need two-factor authentication. This is for them. It also eliminates the need for a test or lab license. We encourage customers to set up test labs!
So, if you want to set up two-factor authentication or just play around with it, please download our server!
The weakest link in your supply chain may be passwords
Posted by: admin 9 years, 11 months ago
From the Register.
Recent Posts
- Blast-RADIUS attack
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
Archive
2024
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)