How is it Two-Factor

JimS
This is all very new to me, so please forgive my ignorance.  I have WiKID set up so that it is working to authenticate pptp vpn connections.  I understand that this provides strong authentication, but how does it provide two-factor authentication?

The user's PIN is "something they know".  The one-time passcode that is returned by WiKID is also "something they know" isn't it?

Is there any way I can implement so "something they have" is required for authentication?

Thanks

Jim
Re: How is it Two-Factor

Nick Owen
Administrator
Jim:

The two factors in WiKID are knowledge of the PIN and possession of
the (private key embedded in) software token.  When the user enters
their PIN it is encrypted by the server's public key and sent to the
server where it is decrypted by the server's private key.  If the PIN
is correct and the account active, the OTP is generated, encrypted by
the token's public key and sent to the token. The OTP is decrypted by
the token's private key and presented to user.

Think of WiKID as being like certificates - except that the only thing
the keys do is encrypt the PIN and decrypt the OTP.  By validating
the PIN on the server, it is more secure - there is no offline
brute-force attack.  And simpler: there is no need to maintain white
list/black lists etc.

HTH,

nick

On Fri, Aug 12, 2011 at 2:05 PM, JimS [via WiKID Strong Authentication
Forums] <[hidden email]> wrote:

> This is all very new to me, so please forgive my ignorance.  I have WiKID
> set up so that it is working to authenticate pptp vpn connections.  I
> understand that this provides strong authentication, but how does it provide
> two-factor authentication?
>
> The user's PIN is "something they know".  The one-time passcode that is
> returned by WiKID is also "something they know" isn't it?
>
> Is there any way I can implement so "something they have" is required for
> authentication?
>
> Thanks
>
> Jim



--
Nick Owen
WiKID Systems, Inc.
404.962.8983
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
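
The exchange described in the reply above, as an added sketch that is not WiKID's code and not part of the original thread. Textbook RSA over small constructed primes stands in for the product's real public-key scheme, and every class, function and account name here is an assumption made for illustration.

```python
import secrets

E = 65537  # public exponent for the toy keys below

def keypair(p, q):
    """Toy textbook-RSA key pair from two known primes (illustration only)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def rsa(key, value):
    """Textbook RSA: the same modular exponentiation encrypts and decrypts."""
    n, exponent = key
    return pow(value, exponent, n)

def pin_to_int(pin):
    return int.from_bytes(pin.encode(), "big")

# Constructed keys built from Mersenne primes; far too small for real use.
SERVER_PUB, SERVER_PRIV = keypair(2**89 - 1, 2**127 - 1)
TOKEN_PUB, TOKEN_PRIV = keypair(2**61 - 1, 2**107 - 1)

class Server:  # hypothetical stand-in for the authentication server
    def __init__(self, priv, accounts):
        self.priv = priv
        self.accounts = accounts  # user -> (PIN, registered token public key, active)
        self.pending = {}         # user -> OTP issued but not yet used

    def request_otp(self, user, enc_pin):
        pin, token_pub, active = self.accounts[user]
        if not active or rsa(self.priv, enc_pin) != pin_to_int(pin):
            return None           # PIN is checked online, so no offline guessing
        otp = 100000 + secrets.randbelow(900000)
        self.pending[user] = otp
        return rsa(token_pub, otp)  # readable only with the token's private key

    def verify(self, user, otp):
        expected = self.pending.pop(user, None)  # one-time: consumed on first check
        return expected is not None and otp == expected

def token_get_otp(server, user, pin, token_priv):
    """Token side: send the PIN encrypted to the server, decrypt the OTP reply."""
    reply = server.request_otp(user, rsa(SERVER_PUB, pin_to_int(pin)))
    return None if reply is None else rsa(token_priv, reply)
```

Knowing the PIN without holding the token's private key yields a value the server rejects, and holding the key without the PIN yields no OTP at all, which is what makes the key the "something they have" factor.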