Strong Authentication

Nick Owen commented on “Strong Authentication” and points out his viewpoint. Nick makes some great points, keeping in mind that he apparently works for “WiKID”, which is billed as “a Two-Factor authentication without the hassle factor”.

From their technology page:

Architecture Overview

Fundamentally, WiKID works this way: A user selects the domain they wish to use and enters the PIN into their WiKID client. It is encrypted with the WiKID Server's public key - assuring that only that server can decrypt it with its private key. If the server can decrypt the PIN and it is correct and the account is active, it generates the one-time passcode (OTP) and encrypts it with the client's public key. The user then enters their username and the OTP into whatever service they are using, a VPN e.g., which forwards it to the WiKID Server for validation.
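The exchange described in the overview above, sketched as an added example; this is not WiKID's code. Textbook RSA on small constructed primes stands in for the real public-key encryption, and the `Server` class, the `user` identifier sent with each request, and the six-digit OTP format are assumptions made for illustration.

```python
import secrets

E = 65537  # public exponent

def keypair(p, q):
    """Textbook RSA keys from two primes. Toy only: no padding, tiny modulus."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))  # (public, private)

def rsa(key, m):
    """Apply one RSA key to an integer (public key encrypts, private key decrypts)."""
    n, exp = key
    return pow(m, exp, n)

class Server:
    def __init__(self):
        self.pub, self._priv = keypair(2**61 - 1, 2**89 - 1)  # constructed demo primes
        self.accounts = {}  # user -> {"pin", "client_pub", "active"}
        self.pending = {}   # user -> OTP issued and not yet used

    def register(self, user, pin, client_pub, active=True):
        self.accounts[user] = {"pin": pin, "client_pub": client_pub, "active": active}

    def request_otp(self, user, enc_pin):
        """Decrypt the PIN; if it is correct and the account is active, issue an OTP."""
        acct = self.accounts.get(user)
        if acct is None or not acct["active"]:
            return None
        if rsa(self._priv, enc_pin) != acct["pin"]:
            return None
        otp = 100000 + secrets.randbelow(900000)  # six digits (assumed format)
        self.pending[user] = otp
        return rsa(acct["client_pub"], otp)  # only the client's private key opens this

    def validate(self, user, otp):
        """Called by the service (e.g. the VPN). Any attempt consumes the pending OTP."""
        expected = self.pending.pop(user, None)
        return expected is not None and expected == otp

if __name__ == "__main__":
    server = Server()
    client_pub, client_priv = keypair(2**107 - 1, 2**127 - 1)  # constructed demo primes
    server.register("alice", 4821, client_pub)                 # constructed sample PIN
    enc_otp = server.request_otp("alice", rsa(server.pub, 4821))
    otp = rsa(client_priv, enc_otp)
    print("first use:", server.validate("alice", otp))
    print("replay:   ", server.validate("alice", otp))
```

Unpadded RSA is deterministic, so the same PIN always produces the same ciphertext; a real deployment needs randomized padding and full-size keys.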

That’s a new twist on “token” usage. So we have a “PIN” and a “Username”. Is that “Strong” authentication?

As pointed out by Dave Kerns: “A password should be sufficient to protect a printer from misuse. A bank vault will require controls that are more stringent. But what about the launch sequence of a nuclear missile?”

So, how would we rate WiKID for usage:

  • Printer: Sure
  • Bank Account: Probably
  • Nuclear Missile: Probably Not

Is the WiKID Client:

  1. An authentication method must be strong; no, it must offer a virtually undeniable method of authentication.
  2. Strong authentication must be usable by onsite employees, and also by remote employees, business partners and customers.
  3. Easy for the users, remembering The Law of Human Integration. This is vital: if it is difficult, users will make "cheat sheets" to get around the difficulty.



# re: Strong Authentication

Damn, I was just about to close a deal with some guys that have a nuclear missile or two ;).

I have some issues with your definitions:

I don't think you can have an 'undeniable' method of authentication, ever, so choose the best solution, know its weaknesses and work around them. I think you need something that is stronger than passwords that is capable of constant improvement. Security is a long war. Hardware tokens will fail because they aren't extensible enough.

To clarify: the two factors in WiKID are the private key and the PIN. Since the PIN is stored on the server, stealing the private key is no different than stealing a hardware token. (We also generate a one-time asymmetric key that is transferred with the PIN so that a stolen private key can't decrypt the returned passcode.)

You can do things in software that will make WiKID as strong as a hardware token or stronger: for example, we can do bi-lateral authentication above and beyond DNS - to fight DNS poisoning and other 'pharming' techniques. So which would you want for your bank account: a hardware token susceptible to DNS poisoning or WiKID?

3/15/2005 11:48 AM | Nick Owen


Copyright © jeemster