Submitted by nowen (registered user) on Wed, 2011-03-23 13:09.

You missed part of the WiKID authentication process, perhaps because it was not really demonstrated here.  The user enters a PIN (something they know) in the WiKID software token (something they have, well technically, possession of the private key embedded in the token).  The PIN is encrypted and sent to the WiKID server behind the corporate firewall. If the PIN is correct, the account active and the encryption valid, an OTP is generated, encrypted and returned to the user to use as the password.

You can think of WiKID as being like PGP, but used to transmit authenticating information.  It is 'stronger' than certs or keys, because the PIN is validated on the server rather than locally, and integration is simple because every UI supports a username/password combo.

The addition of the OTP makes SSH more suitable in organizations facing compliance (PCI, etc.).
