Posted: Thu Mar 19, 2009 5:21 pm Post subject: Website Multi-Factor Authentication
Hi all,
I want to add multi-factor authentication to our company website which at the moment just has a username/password log-in. Can anybody advise on a good system to use?
I have been trying to find a system myself online, but the only reasonable option I stumbled upon is SafeTok http://www.safetok.com/. Does anybody have experience with this system?
What I really like about SafeTok is that the users do not need to buy expensive tokens for it but can just use any available USB stick. However, I wonder how comfortable this is. What do you think?
You should consider using Global Crypto. They utilizes stenography and dual digital image confirmation that is done offline. It provides the only bi-directional, multi-factor, image-based Public Key Infrastructure (PKI) solution available today. And the best part, is that Global Crypto is affordable as well as user friendly. Keep me posted on who you end up with!
Most two-factor systems, including WiKID's, support radius Most VPNs also support radius, so if you need two-factor auth elsewhere, you can add it.
Another thing to thing about is using some form of mutual https authentication to thwart network-based MITM attacks. Mutual https is just any mechanism that verifies the ssl cert in some way other than relying on the user (because we know how that goes). More on that here: http://www.howtoforge.net/prevent_phishing_with_mutual_authentication and
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum