Difference between revisions of "One-Time Password Authenticator"

From MgmtWiki
Jump to: navigation, search
(Created page with "==Full Title or Meme== Authenticators are devices in the user possession that can generate a one-time password. ==Context== Security Dynamics invented and patented the "Time-...")
 
(Problem)
 
(13 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
==Full Title or Meme==
 
==Full Title or Meme==
Authenticators are devices in the user possession that can generate a one-time password.
+
[[Authenticator]]s are devices in the user possession that can generate a one-time password.
  
 
==Context==
 
==Context==
Security Dynamics invented and patented the "Time-Based One-Time Password Algorithm" which has since come off-patent and standardized as RFC 6238.
+
*Security Dynamics invented and patented the "Time-Based One-Time Password Algorithm" which has since come off-patent and standardized as RFC 6238 in May 2011.
  
 
==Problem==
 
==Problem==
Give users a handle held device that can generate password for access to secure accounts.
+
* Give users a hand-held device that can generate password for access to secure accounts.
 +
* All of the security is in the place that generates the OTP. The seed for the OTP is a very high-value target and has been hacked at is source from the beginning. <ref>Andy Greenberg ''The Full Story of te Stunning RSA Hack can Finally be Told''  World (2021-05-20) https://www.wired.com/story/the-full-story-of-the-stunning-rsa-hack-can-finally-be-told/</ref>
  
 
==Solution==
 
==Solution==
 
* The original Security Dynamics (later RSA, now Dell) Authenticator was a small hand held device that continually generated a password every (eg 30) seconds that could be sync'd with the server.
 
* The original Security Dynamics (later RSA, now Dell) Authenticator was a small hand held device that continually generated a password every (eg 30) seconds that could be sync'd with the server.
 
* Now Microsoft, Google and others offer Authencators as [[Smart Phone]] [[Native App]]s.
 
* Now Microsoft, Google and others offer Authencators as [[Smart Phone]] [[Native App]]s.
 +
 +
The following is a list of some of the Authentictors now in use.
 +
#[https://en.wikipedia.org/wiki/RSA_SecurID RSA SecurID] is the original device. It came in multiple form factors.
 +
#[https://www.amazon.com/dp/B06XY6F14J Symantec VIP Security Card] size of a credit card.
 +
#[https://www.amazon.com/dp/B06XY422T9 Symantec VIP Security Token] size of a key fob.
 +
#[https://www.amazon.com/Feitian-MultiPass-FIDO-Security-Key/dp/B01LYV6TQM/ Feitian MultiPass FIDO Security Key]
 +
#[https://support.google.com/accounts/troubleshooter/4430955?hl=en#ts=4430956 Google Authenticator] [[Native App]]
 +
 +
==References==
 +
 +
[[Category:Glossary]]
 +
[[Category:Security]]
 +
[[Category:Authentication]]

Latest revision as of 09:01, 22 May 2021

Full Title or Meme

Authenticators are devices in the user possession that can generate a one-time password.

Context

  • Security Dynamics invented and patented the "Time-Based One-Time Password Algorithm" which has since come off-patent and standardized as RFC 6238 in May 2011.

Problem

  • Give users a hand-held device that can generate password for access to secure accounts.
  • All of the security is in the place that generates the OTP. The seed for the OTP is a very high-value target and has been hacked at is source from the beginning. [1]

Solution

  • The original Security Dynamics (later RSA, now Dell) Authenticator was a small hand held device that continually generated a password every (eg 30) seconds that could be sync'd with the server.
  • Now Microsoft, Google and others offer Authencators as Smart Phone Native Apps.

The following is a list of some of the Authentictors now in use.

  1. RSA SecurID is the original device. It came in multiple form factors.
  2. Symantec VIP Security Card size of a credit card.
  3. Symantec VIP Security Token size of a key fob.
  4. Feitian MultiPass FIDO Security Key
  5. Google Authenticator Native App

References

  1. Andy Greenberg The Full Story of te Stunning RSA Hack can Finally be Told World (2021-05-20) https://www.wired.com/story/the-full-story-of-the-stunning-rsa-hack-can-finally-be-told/