Skip to main content

The WiKID Blog

Viewing posts tagged Authentication Attacks

Another nail for SMS authentication

Now that European banks are using SMS messaging for authentication, criminals are paying top dollar for used Nokia phones that can be reprogrammed due to a bug to work with any phone number.  We've discussed why SMS authentication is a bad idea before.  Here's more evidence.

Summary of the Congressional PCI hearings

Anton Chuvakin has a nice summary of the recent PCI hearings in congress. 

Adding two-factor authentication to phpBB

In light of the recent phpBB password issues, I threw together a quick how to on adding two-factor authentication to phpBB. By quick I mean that I used radius at that apache level. You could also use the WiKID php network client.

PHPBB password analysis

Dark Reading has an analysis of the passwords exposed in the recent PHPBB attack.  It's interesting and I'm sure that people do use passwords that are too simple.  However, the fact that you can analyize the passwords proves that it makes no difference what password you choose! So, the simple the better until the site moves up to two-factor authentication.

embedding-wikid-two-factor-authentication-in-your

One of our customers, Online Banking Solutions offers banks and financial institution software for commercial account management. They have embedded WiKID for two-factor session authentication and mutual https authentication in both the server side and on their optional client. The combined client facilitates the initial validation process, performs session authentication using the one-time passcode and performs mutual https authentication to prevent MITM attacks.

Recent Posts

Archive

2024
2022
2021
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom