else] authentication of a future public facing website? For example, a
customer could do something to authenticate themselves and the computer
passes some data in the background of their browser session so a user can be
authenticated better than the typical "username/password" fields? We'd use
ASP.NET 2.0 on the server side. I see a few miscellaneous tools in a google
search but nothing is jumping out at me. For example, one is not really
..NET compatible but you could work around that. Not great. We also need
something affordable. Considering that online banking sites are exploring
better options to prevent spyware from grabbing usernames/passwords, I was
hoping someone in this group might have done some research into this already
and have some concrete thoughts or suggestions.
User Group Etiquette: Please don't be the first to reply to this post
unless you have something truly helpful to add, else others will think I've
already been helped and not read the post.HK:
You can have a look at our opensource two-factor authentication
solution:
http://www.wikidsystems.net (or
https://sourceforge.net/projects/wikid-twofactor/) and our commercial
site: http://www.wikidsystems.com.
We currently have a COM object for windows apps, but we're also working
on an ISAPI plugin.
In addition, the PC clients for mac, linux and windows can do mutual
authentication - i.e. host & user auth, which prevents MITM attacks. It
can run on a usb device. The commercial version supports wireless
devices - Blackberry, cell phones, Palm, WindowsMobile.
0 comments:
Post a Comment