The WiKID Blog, musings on two-factor authentication, information security and some other stuff.
PCI DSS disses multi-step authentication
Posted by: root in PCI-DSS 5 years, 2 months ago
The PCI Council has published an "Information Supplement" on multi-factor authentication (pdf). The document that multi-step and mutl-factor authentication are not the same and that the former is not acceptable.
New release, bug fixes and updates
Posted by: root 5 years, 4 months ago
We released a new version of the WiKID server today and it warrants a few notes.
Preventing pass-the-hash via RDP with two-factor authentication
Posted by: root 5 years, 9 months ago
In researching pass-the-hash attacks, we discovered that when Microsoft implemented "Restricted Admin" mode they inadvertantly enabled pass-the-hash attacks via RDP 8.1. This attack tool is now included in Kali Linux and probably other tools.
Users: before you use two-factor authentication, make sure the admins do!
Posted by: root 5 years, 10 months ago
Dropbox is the latest internet-based service to suffer a mega-breach.
NIST deprecates SMS as an out-of-band authentication method
Posted by: root 5 years, 10 months ago
When we started WiKID, we looked at using SMS to deliver one-time passcodes. We chose not to for the simple reason that there was no way we could control the encryption and thus demonstrate the security of our solution to customers. There wasn't any data about the possible risks or probabilities of failures (except for reliability/delivery percentages) We looked to basic security design principles and best practices when we developed WiKID. Could we control the encryption? Could we generate the keys on the devices instead of using shared-secrets?
Recent Posts
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
- WiKID Android tokens had their data deleted over the weekend by Google Chrome bug
- Scalability improvements in version 5.0 of the WiKID Strong Authentication server
- 5.0 Released!
Archive
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)