The WiKID Blog, musings on two-factor authentication, information security and some other stuff.
The lessons from Guy Kawaski's twitter attack
Posted by: admin 15 years, 3 months ago
The lessons are sadly the same. Static passwords are weak and DNS is weak. The answer is two-factor authentication and either mutual https authentication or better DNS. Since DNS is unlikely to be fixed any time soon...
Cost savings WiKID vs Hardware tokens
Posted by: admin 15 years, 3 months ago
Needless to say, we've done a lot of analysis on how much an enterprise can save by switching from hardware tokens to WiKID. It occurred to me that security folk are suspicious people by nature, they like to see how the sausage is made and check the sources. So, I have uploaded a copy of the spreadsheet we use to google spreadsheets. Now you can see the formulas, get your own quotes from strong authentication vendors and compare yourself.
IRC web interface fixed
Posted by: admin 15 years, 3 months ago
I noticed that some visitors were trying to get to #wikid using the web interface but that no one was actually joining. I've switched the web interface to the official freenode tool and it appears that everything is working. So if you trying to chat about two-factor authentication on #wikid, please try again!
PCI hullabaloo
Posted by: admin 15 years, 4 months ago
So there's been a whole lot of hullabaloo on the Internet and in twitterville about PCI because of the Savvis lawsuit.
Google Apps security
Posted by: admin 15 years, 4 months ago
Following up on our tutorial on adding two-factor authentication to Google Apps, the Google Security team has posted some thoughts on HTTPS security for Google apps and there is an interesting survey about authentication you should take if you use Google apps. The survey results are available here.
Recent Posts
- Blast-RADIUS attack
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
Archive
2024
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)