Posted by:
admin
14 years, 7 months ago
In "Five Security Missteps Made in the Name of Compliance," Bill Brenner lists "How to Botch Multi-factor Authentication" first. The point is that if you open holes for users who have forgotten their hardware tokens, you have circumvented your own security and eliminated the value of two-factor authentication.
WiKID helps prevent the need for this type of circumvention in two ways. First, using the wireless tokens means that the user would have to forget their Blackberry, iPhone, or Android smartphone, which is much less likely because they actually like those things and/or need them for non-work purposes. Second, unlike most software tokens, WiKID is licensed per seat rather than per token. With shared-secret tokens, you get a list of seeds you can use, and you can only get more by paying for them. With WiKID, each unique username is a seat license, and each user can have more than one token. A user who has forgotten a token can be issued a new one, perhaps on a USB drive. Obviously, you still have to properly validate that the user is who they say they are, but you do not have to open a door to single-factor authentication.
Hopefully, managers worried about quickly meeting compliance goals will find this post and avoid making the second mistake on the list: failing to do enough research.