Two Factor Authentication (Strong Authentication)

Or why does RSA/EMC have a monopoly on this stuff, anyway? Don't get me wrong - SecurID is a good product, with wide support and a large user base. However, it uses proprietary algorithms (we're big fans of open source), and is getting a bit tattered around the edges with age. I recently came across an interesting new approach from WikID Systems - WikID Strong Authentication. An open source commercial app, it is written from the ground up to be "Web 2.0" aware (hate marketing buzzwords) in that it is extensible with PAM, java, etc. Basically, the technology works like this. A secure token client on your local machine passes your PIN to the WikID server, using the server's public key for encryption. The server then returns a one time password to your client, which is then used to complete authentication. I've run some quick tests with the client, and it looks promising. Test it for yourself here, or they also offer an evaluation. We'll be doing some real world evaluation, and will follow up with a later post. BTW - ViewPoint is not affiliated with WikID Systems in any way - these are just my observations, and YMMV.