Skip to main content

The WiKID Blog

The WiKID Blog, musings on two-factor authentication, information security and some other stuff.

Security Metrics on meeting PCI requirements with two-factor authentication

WiKID is mentioned in this Security Metrics blog post about meeting PCI requirment 8.3 using two-factor authentication

End of Life for McAffee one-time password

Remember when Intel was going to put two-factor authentication into their chips? Seemed worrisome for small security vendors like WiKID, but we have been around and I knew that big companies change directions often. Now apparently, Intel is ending the McAfee Pledge OTP formerly known as Nordic Edge.

Hackers For Charity Challenge

This morning I saw a tweet from Johnny Long about them being in hole $2,700 due to unexpected baggage fees.  As long time admirers we decided it was time to do something.   So, we gave $100 and committed to giving $100 per evaluation certificate created between now and Thanksgiving.  No one wants to go into Thanksgiving in the hole. 

Scalability notes for the WiKID Strong Authentication server

Large two-factor authentication deployments are becoming more and more common these days as  enterprises deploy it to more and more employees .  We're also seeing more SaaS providers needing to meet regulations such as HIPAA and PCI.   These enterprises have large user bases and need scalable, reliable, affordable two-factor authentication.   We have the affordable part covered (you can see our pricing online) and we are highly incented to provide reliable software thanks to our annual subscription license.  But how scalable is WiKID?

Latest release pushes into Privileged Access Management

The 4.1 release of the WiKID Strong Authentication Server - Enterprise Edition includes the ability to use one-time passcodes for Active Directory accounts. We noted an increasing focus on privileged accounts.  Companies need these accounts to manage windows PCs and infrastructure.  Multiple  system admins need to have the credentials for them too.  So, organizations often have shared spreadsheets with credentials.  You can put them into a "password vault" but then there is still a password to the vault and an attacker that is already on the system can still perform a 'pass-the-hash' attack to escalate their privilege. 

Recent Posts







RSS / Atom