Skip to main content

The WiKID System falls back to a challenge-response mechanism, which is part of the Radius standard. After the user enters their PIN, if the device is out of wireless network coverage, the WiKID Two-factor Client will prompt the user for a Challenge.

If the user is logging in to a VPN service, for example, the user enters their username, but leaves the passcode box empty. The VPN service responds with the Challenge, which the user enters into the WiKID client.

The challenge is encrypted with the user’s PIN and an offline-challenge secret and presented to the user Base-62 encoded (to keep the length manageable). The user enters this response for a passcode. The VPN service sends the Username, the Challenge and the Response to the WiKID server. If the WiKID Server can decrypt the Response can get the Challenge, the user is granted access.



 

Copyright © WiKID Systems, Inc. 2019 | Two-factor Authentication