Difference between revisions of "One-Time Password Authenticator"

From MgmtWiki
Jump to: navigation, search
(Solution)
(Problem)
 
(5 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
==Full Title or Meme==
 
==Full Title or Meme==
Authenticators are devices in the user possession that can generate a one-time password.
+
[[Authenticator]]s are devices in the user possession that can generate a one-time password.
  
 
==Context==
 
==Context==
Line 6: Line 6:
  
 
==Problem==
 
==Problem==
Give users a hand-held device that can generate password for access to secure accounts.
+
* Give users a hand-held device that can generate password for access to secure accounts.
 +
* All of the security is in the place that generates the OTP. The seed for the OTP is a very high-value target and has been hacked at is source from the beginning. <ref>Andy Greenberg ''The Full Story of te Stunning RSA Hack can Finally be Told''  World (2021-05-20) https://www.wired.com/story/the-full-story-of-the-stunning-rsa-hack-can-finally-be-told/</ref>
  
 
==Solution==
 
==Solution==
Line 18: Line 19:
 
#[https://www.amazon.com/Feitian-MultiPass-FIDO-Security-Key/dp/B01LYV6TQM/ Feitian MultiPass FIDO Security Key]
 
#[https://www.amazon.com/Feitian-MultiPass-FIDO-Security-Key/dp/B01LYV6TQM/ Feitian MultiPass FIDO Security Key]
 
#[https://support.google.com/accounts/troubleshooter/4430955?hl=en#ts=4430956 Google Authenticator] [[Native App]]
 
#[https://support.google.com/accounts/troubleshooter/4430955?hl=en#ts=4430956 Google Authenticator] [[Native App]]
 +
 +
==References==
 +
 +
[[Category:Glossary]]
 +
[[Category:Security]]
 +
[[Category:Authentication]]

Latest revision as of 09:01, 22 May 2021

Full Title or Meme

Authenticators are devices in the user possession that can generate a one-time password.

Context

  • Security Dynamics invented and patented the "Time-Based One-Time Password Algorithm" which has since come off-patent and standardized as RFC 6238 in May 2011.

Problem

  • Give users a hand-held device that can generate password for access to secure accounts.
  • All of the security is in the place that generates the OTP. The seed for the OTP is a very high-value target and has been hacked at is source from the beginning. [1]

Solution

  • The original Security Dynamics (later RSA, now Dell) Authenticator was a small hand held device that continually generated a password every (eg 30) seconds that could be sync'd with the server.
  • Now Microsoft, Google and others offer Authencators as Smart Phone Native Apps.

The following is a list of some of the Authentictors now in use.

  1. RSA SecurID is the original device. It came in multiple form factors.
  2. Symantec VIP Security Card size of a credit card.
  3. Symantec VIP Security Token size of a key fob.
  4. Feitian MultiPass FIDO Security Key
  5. Google Authenticator Native App

References

  1. Andy Greenberg The Full Story of te Stunning RSA Hack can Finally be Told World (2021-05-20) https://www.wired.com/story/the-full-story-of-the-stunning-rsa-hack-can-finally-be-told/