Difference between revisions of "One-Time Password Authenticator"
From MgmtWiki
(Created page with "==Full Title or Meme== Authenticators are devices in the user possession that can generate a one-time password. ==Context== Security Dynamics invented and patented the "Time-...") |
(→Problem) |
||
(13 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
==Full Title or Meme== | ==Full Title or Meme== | ||
− | + | [[Authenticator]]s are devices in the user possession that can generate a one-time password. | |
==Context== | ==Context== | ||
− | Security Dynamics invented and patented the "Time-Based One-Time Password Algorithm" which has since come off-patent and standardized as RFC 6238. | + | *Security Dynamics invented and patented the "Time-Based One-Time Password Algorithm" which has since come off-patent and standardized as RFC 6238 in May 2011. |
==Problem== | ==Problem== | ||
− | Give users a | + | * Give users a hand-held device that can generate password for access to secure accounts. |
+ | * All of the security is in the place that generates the OTP. The seed for the OTP is a very high-value target and has been hacked at is source from the beginning. <ref>Andy Greenberg ''The Full Story of te Stunning RSA Hack can Finally be Told'' World (2021-05-20) https://www.wired.com/story/the-full-story-of-the-stunning-rsa-hack-can-finally-be-told/</ref> | ||
==Solution== | ==Solution== | ||
* The original Security Dynamics (later RSA, now Dell) Authenticator was a small hand held device that continually generated a password every (eg 30) seconds that could be sync'd with the server. | * The original Security Dynamics (later RSA, now Dell) Authenticator was a small hand held device that continually generated a password every (eg 30) seconds that could be sync'd with the server. | ||
* Now Microsoft, Google and others offer Authencators as [[Smart Phone]] [[Native App]]s. | * Now Microsoft, Google and others offer Authencators as [[Smart Phone]] [[Native App]]s. | ||
+ | |||
+ | The following is a list of some of the Authentictors now in use. | ||
+ | #[https://en.wikipedia.org/wiki/RSA_SecurID RSA SecurID] is the original device. It came in multiple form factors. | ||
+ | #[https://www.amazon.com/dp/B06XY6F14J Symantec VIP Security Card] size of a credit card. | ||
+ | #[https://www.amazon.com/dp/B06XY422T9 Symantec VIP Security Token] size of a key fob. | ||
+ | #[https://www.amazon.com/Feitian-MultiPass-FIDO-Security-Key/dp/B01LYV6TQM/ Feitian MultiPass FIDO Security Key] | ||
+ | #[https://support.google.com/accounts/troubleshooter/4430955?hl=en#ts=4430956 Google Authenticator] [[Native App]] | ||
+ | |||
+ | ==References== | ||
+ | |||
+ | [[Category:Glossary]] | ||
+ | [[Category:Security]] | ||
+ | [[Category:Authentication]] |
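Review bot: the added lines introduce typos that show on the rendered page: "te Stunning" and "at is source" in the new second Problem bullet and its ref, and "Authentictors" in the new list intro. The ref also names the publication as "World" while its URL points at wired.com. The unchanged Solution bullet still reads "Authencators" and could be fixed in the same edit.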
Latest revision as of 10:01, 22 May 2021
Full Title or Meme
Authenticators are devices in the user's possession that can generate a one-time password.
Context
- Security Dynamics invented and patented the "Time-Based One-Time Password Algorithm", which has since come off patent and was standardized as RFC 6238 in May 2011.
Problem
- Give users a hand-held device that can generate a password for access to secure accounts.
- All of the security is in the place that generates the OTP. The seed for the OTP is a very high-value target and has been hacked at its source from the beginning. [1]
Solution
- The original Security Dynamics (later RSA, now Dell) Authenticator was a small handheld device that continually generated a new password every (e.g., 30) seconds that could be synced with the server.
- Now Microsoft, Google and others offer Authenticators as Smart Phone Native Apps.
The following is a list of some of the Authenticators now in use.
- RSA SecurID is the original device. It came in multiple form factors.
- Symantec VIP Security Card, the size of a credit card.
- Symantec VIP Security Token, the size of a key fob.
- Feitian MultiPass FIDO Security Key
- Google Authenticator Native App
References
- ↑ Andy Greenberg, The Full Story of the Stunning RSA Hack Can Finally Be Told, Wired (2021-05-20) https://www.wired.com/story/the-full-story-of-the-stunning-rsa-hack-can-finally-be-told/