Website Multi-Factor Authentication

Networking/Security Forums -> Cryptographic Software and Hardware

Author: John_M Posted: Thu Mar 19, 2009 5:21 pm    Post subject: Website Multi-Factor Authentication
    ----
Hi all,

I want to add multi-factor authentication to our company website, which at the moment just has a username/password log-in. Can anybody advise on a good system to use?

I have been trying to find a system myself online, but the only reasonable option I stumbled upon is SafeTok http://www.safetok.com/. Does anybody have experience with this system?

What I really like about SafeTok is that the users do not need to buy expensive tokens for it but can just use any available USB stick. However, I wonder how comfortable this is. What do you think?

John

Author: rvdwesten Location: Breda, The Netherlands Posted: Tue Mar 24, 2009 9:18 am    Post subject:
    ----
LDAP?
RSA Secure ID?
Smartcards....

few examples..

Author: John_M Posted: Tue Mar 24, 2009 10:39 am    Post subject:
    ----
Sure. But have you seen the prices of RSA? It costs a fortune... I am looking for something affordable...

Author: ATLCityGal Posted: Thu May 21, 2009 10:30 pm    Post subject:
    ----
You should consider using Global Crypto. They utilize stenography and dual digital image confirmation that is done offline. It provides the only bi-directional, multi-factor, image-based Public Key Infrastructure (PKI) solution available today. And the best part is that Global Crypto is affordable as well as user friendly. Keep me posted on who you end up with!

Author: captainspalding Posted: Thu May 21, 2009 11:33 pm    Post subject:
    ----
Greetings:

I have done a number of how-tos on two-factor authentication for Apache:
http://www.wikidsystems.com/support/wikid-support-center/how-to/two-factor-authentication-for-apache-2.2-or-higher/

I think you should think about the protocol you want to use. I'm partial to RADIUS because it is quite simple and has cross-platform support. On Windows you can use the MS RADIUS server IAS: http://www.wikidsystems.com/support/wikid-support-center/how-to/how-to-configure-the-microsoft-isa-server-to-support-two-factor-authentication-from-wikid/ and here: http://www.wikidsystems.com/learn-more/technology/mutual_authentication

Most two-factor systems, including WiKID's, support RADIUS. Most VPNs also support RADIUS, so if you need two-factor auth elsewhere, you can add it.

Another thing to think about is using some form of mutual HTTPS authentication to thwart network-based MITM attacks. Mutual HTTPS is just any mechanism that verifies the SSL cert in some way other than relying on the user (because we know how that goes). More on that here: http://www.howtoforge.net/prevent_phishing_with_mutual_authentication and

For comparison, WiKID's pricing is here: http://www.wikidsystems.com/learn-more/financial
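
One way to verify the SSL cert "in some way other than relying on the user", as mentioned in the post above, shown as an added example that is not part of the original thread or of any vendor's code. It assumes the client receives a trusted SHA-256 fingerprint over a separate channel; the function names and the sample certificate bytes are constructed for illustration.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-ins for DER-encoded certificates (not real certificates).
SITE_CERT = b"constructed DER bytes: genuine login site"
PROXY_CERT = b"constructed DER bytes: interposed proxy"
# Assumption: this fingerprint reaches the client over a channel the user
# cannot be phished on (e.g. returned by the authentication server).
TRUSTED_FP = hashlib.sha256(SITE_CERT).hexdigest()


def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def normalize(fp: str) -> str:
    """Accept 'AA:BB:...' or 'aabb...' notation."""
    return fp.replace(":", "").replace(" ", "").lower()


def cert_matches(der_cert: bytes, trusted_fp: str) -> bool:
    """Constant-time comparison of presented vs. trusted fingerprint."""
    presented = cert_fingerprint(der_cert).encode()
    return hmac.compare_digest(presented, normalize(trusted_fp).encode())


def fetch_server_cert(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Fetch the certificate the server actually presents on this connection."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def release_otp(der_cert: bytes, trusted_fp: str, otp: str):
    """Hand the one-time passcode over only if the certificate checks out."""
    return otp if cert_matches(der_cert, trusted_fp) else None


if __name__ == "__main__":
    print(release_otp(SITE_CERT, TRUSTED_FP, "123456"))   # genuine site
    print(release_otp(PROXY_CERT, TRUSTED_FP, "123456"))  # mismatching cert
```

In a live client, the bytes returned by `fetch_server_cert()` would take the place of the constructed samples, and a mismatch means the passcode is never sent.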





All times are GMT + 2 Hours
