Posted by:
admin
11 years, 4 months ago
Welcome to the club.
We're glad to see Twitter moving away from SMS, which has numerous defects, to an authentication system that uses public key cryptography. Since WiKID was founded over 10 years ago, we have believed that asymmetric encryption is the best way to do authentication in the connected world.
I have enabled it on one of my accounts - oddly, I was not able to verify my email on another. It is pretty slick and easy to use. But, I foresee some potential issues.
First and foremost, this will not help the major brands and advertisers. Big news organizations and brands have more than one person managing a Twitter account. A good number outsource it to a marketing/communication firm. There is no single phone that can be used. At least two of our customers provide this type of functionality using our API. A large email management service has used our API and tokens to secure multi-person control of accounts. Online Banking Solutions uses our API to allow banks to enable their customers to use two-factor authentication, making the banks the identity providers and pushing control closer to the decision makers. (They have also embedded our tokens into their client.)
Secondly, one of the things we like about using public key cryptography for two-factor authentication is that it makes it very easy to have more than one token per user. So, I am disappointed that I cannot use both my phone and my tablet as tokens.
Third, while I see this as minor, my authentication request came in from Montvale, NJ, nowhere near my location, but obviously a POP of my ISP. People will probably become immune to this. It could be an issue, but this isn't a bank web site (and sadly, banks don't have this level of security).
All that being said, I think this is a great consumer-facing two-factor authentication feature for Twitter.