background preloader

Multi Factor Authentication

Facebook Twitter

Protocols - How to implement multi factor authentication using a token generator? Some important ancilary design considerations.

protocols - How to implement multi factor authentication using a token generator?

Single user or multi-user? If this is a pet project just for you then a lot of support tasks are easy. However, if this is a multiuser system, then you need to consider more factors. Unified token or per-person token? A unified token is a token that provides equivelent authentication for all users. Authentication system parameters. There are some critical parameters such as delay between failed authentication and next authentication prompt. Token device protection Since the token device is an authentication component, the token device will be a tempting target for attackers. Opie - LQWiki. There are two projects named Opie.

Opie - LQWiki

The first is a one-time pad password authentication application, and the second is a PDA/SmartPhone desktop environment. I will briefly discuss each. Opie, the Security tool The first Opie project is One-time Passwords In Everything, and is based on S/KEY. These applications provide a secure password authentication method, and are especially useful on untrusted networks. An Opie password consists of a passphrase, a seed and a sequence number.

[storm@defiant ~]$ opiepasswd -f -c Adding storm: Only use this method from the console; NEVER from remote. Your passphrase is entered and verified, then the password generator creates a seed value (ri6665) and, by default, 500 password sets. Opie, once enabled through /etc/opieaccess, pam or other method (depending on your OS), will provide the seed and the sequence number, and the user must provide the password (not the passphrase). Opie, the Desktop Environment Opie ships with a number of native applications. GAuthify/GAuthify-PHP. Add Google Authenticator, SMS, Voice and E-Mail Multi-factor authentication to your product in minutes. RobThree/TwoFactorAuth. DuOauth module by simukti - ZF2 Modules. This ZF2 module provide user authentication using combination of Twitter OAuth, database checking, and Two-Factor-Authentication (Duo Security).

DuOauth module by simukti - ZF2 Modules

This ZF2 module provide user authentication using combination of Twitter OAuth, database checking, and Two-Factor-Authentication (Duo Security). Database checking process is up to developer, they can use mapper or whatever that return user data contain "username" field in a single array. Goal Simple and secure authentication.Works with Twitter API v1.1.For small web app/personal website. Flow Twitter Oauth Authentication --> Duo Auth TFA --> Database Verification Requirements Installation (1) Installation Download Zip/TarGz Download from github repo ,extract, and place DuOauth folder in your application module_paths. (2) Configuration Ensure this module, DuOauth are enabled in your application.config.php:Copy . Note License This module released under the MIT License.

Php composer.phar require "simukti/du-oauth" Require. Secure Cloud Identity Management. Simple Two-Factor SSH Authentication - Moocode Blog. In a two-part post I'm going to show you some tricks you can do with SSH logins.

Simple Two-Factor SSH Authentication - Moocode Blog

This post covers setting up two-factor SSH authentication with the Google Authenticator app. I was recently getting some servers in shape so I can pass the Payment Card Industry standards questionnaire and one requirement was two-factor authentication access to the server. I queried whether SSH key + passphrase was acceptable but didn't get a clear answer so I figured I'd explore setting up another authentication factor myself, plus it piqued my interest. After a bit of research I found it was possible using a PAM module but it doesn't work along with SSH key authentication (only password authentication) and I only use SSH key logins for my servers. The magic I wanted to find the simplest method of implementing this so I started looking at what we can do with SSH itself.

The command="... " part invokes a different command upon key authentication and runs the /usr/bin/my_script instead. Simple implementation. We are the security API of the Internet. Two-Factor Authentication. Two-Factor Authentication - Duo Security. FreeOTP.