The WiKID Blog, musings on two-factor authentication, information security and some other stuff.
HTML5 Token
Posted by: admin 10 years, 5 months ago
For the record, our open-source HTML5 token was released in 2010 and is available on our sourceforge site: http://sourceforge.net/projects/wikid-twofactor/files/HTML5_Token_Client/.
SSH key management a potential risk
Posted by: admin 10 years, 6 months ago
We've long said that while we love SSH, SSH key management is a weak point, especially if you need to meet compliance requirements such as PCI. Now Charles Kolodgy of IDC is saying the same thing:
Reporting via our API
Posted by: admin 10 years, 6 months ago
Reporting is a fact of life. And to be honest, good reporting is good for security. In this post, we will take a look at the reports you can generate via the wAuth API to help monitor and manage your two-factor authentication installation.
Google search reveals private Telstra customer data
Posted by: admin 10 years, 6 months ago
A man googling for some information on SMS carrier access codes stumbled upon private Telstra customer data. The data could be used to authenticate a user to the phone company, allowing account take-over. There appears to be a pattern:
More on user validation for two-factor authentication via our API
Posted by: admin 10 years, 6 months ago
In the previous post in this series on using the wAuth API, we discussed how you can create a simple application that allows customer service reps or even 3rd parties in a multi-tenant environment validate users for two-factor authentication. As with all things tech, there is more than one way to skin that cat. The PC tokens support pre-registration. With pre-registration, a list of usernames and pre-registration codes is uploaded to the server. The pre-registration codes are then delivered to the users in some secure manner. The users enter the WiKID Domain identifier, their PIN and the pre-registration code into the software token and they are automatically registered. You generate this list of pre-registration codes - we do not have a copy of them at all. Under the Users tab of the WiKIDAdmin webui there is an option to import a text file of users.
Recent Posts
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
- WiKID Android tokens had their data deleted over the weekend by Google Chrome bug
- Scalability improvements in version 5.0 of the WiKID Strong Authentication server
Archive
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)