Skip to main content

The WiKID Blog

Viewing posts from January, 2009

buyability-and-usability

Today we turned on online purchasing for WiKID Strong Authentication licenses. It is a bit of an experiment in "buyability". A big hat tip to Dharmesh Shah's post on Usability vs. Buyability to clarify this point for me. We had focused on ease of use. We have provided ASP scripts that automate the two-factor roll-out process, for example and have an incredibly easy to use Web-interface on the WiKID server (IMHO - another hat tip to Brian Dame ;). We have attempted to take the risk out of buying WiKID by having an open-source version and by having a trial version of the commercial server available for download from the extranet. And we have set up a way to test the WiKID two-factor tokens without even providing an email address.

strong-authentication-for-the-masses

WiKID got a nice review over at the Coffee Corner. I hope they do test the WiKID server on your home network. That is exactly the scenario we envisioned when we released the open source version. No reason why home users shouldn't be able to have strong authentication. I do want tot try to clarify some of the issues, if I understand them correctly:

better-password-strength-just-one-factor

Pete over at Spire Security points out the obvvious(which alluded me):

As far as I can tell, Bruce Schneier's current Wired column, MySpace Passwords Aren't So Dumb, is intended to be taken seriously. The article is supposed to be about how "good" passwords on MySpace are these days, and there isn't a hint of irony in his statement:
"But seriously, passwords are getting better."
I am at a loss to explain how he can come to this conclusion when every single one of the 34,000 passwords he analyzed were stolen through a phishing attack. What he should have said was: "This shows that a 1-character password (the shortest they harvested) is just as secure as a 32-character password (the longest they harvested)"
He also points out that if you're not going to do two-factor authentication, then don't worry about long passwords. If any data is important enough or vulnerable enough to require a strong and therefore annoying password policy, use two-factor authentication.

schneier-questions-need-for-himself

I read with delight this quote from omnipresent security pundit Bruce Schneier questioning the reasons for the existance of the security industry:

"We shouldn't have to come and find a company to secure our e-mail. E-mail should already be secure. We shouldn't have to buy from somebody to secure our network or servers. Our networks and servers should already be secure."

hedge-fund-management-and-information-security

Been a long time since I posted anything. I'm trying to get back into the swing.

Recent Posts

Archive

2024
2022
2021
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom