

If the two match, the token launches the default browser to the target site for the user. The WiKID software token performs mutual authentication by retrieving a hash of the website's SSL certificate from the WiKID server and comparing it with a hash of the SSL certificate it downloads from the website itself.

While some sites display an image in an attempt to prove the server's identity, any man-in-the-middle could simply replay such an image. Strong mutual authentication means that the targeted website is authenticated to the user in a cryptographically secure manner, thwarting most man-in-the-middle attacks.
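The certificate-hash comparison described above, as an added example that is not WiKID's own code: a trusted hash of the site's certificate (standing in for the value the token fetches from the WiKID server) is compared in constant time against a hash of the certificate the site actually presents. The hostnames, the `PINS` table and the certificate bytes are constructed placeholders, not real certificates; `fetch_server_cert_der` shows how the live certificate would be obtained and is the only part that touches the network.

```python
import hashlib
import hmac
import socket
import ssl


def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def certificate_matches_pin(der_cert: bytes, pinned_hex: str) -> bool:
    """Constant-time comparison so timing does not reveal how much of the
    fingerprint matched."""
    return hmac.compare_digest(cert_fingerprint(der_cert), pinned_hex.lower())


def fetch_server_cert_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Download the leaf certificate the server presents.

    Chain validation is disabled on purpose: the pin check, not the CA
    chain, decides trust here, and a man-in-the-middle presenting its own
    certificate will simply fail the pin. Network call; not exercised offline.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def verify_site(host: str, pins: dict, der_cert: bytes) -> bool:
    """True only if the site has a pinned hash and the presented certificate
    matches it; an unknown site is rejected rather than trusted by default."""
    pinned = pins.get(host)
    if pinned is None:
        return False
    return certificate_matches_pin(der_cert, pinned)


# Constructed sample data: these byte strings are placeholders, not real
# certificates, so the logic can be run offline.
GENUINE_CERT = b"constructed-der-bytes-for-example.test"
ATTACKER_CERT = b"constructed-der-bytes-presented-by-a-mitm"
# Stand-in for the hash the token would retrieve from the WiKID server.
PINS = {"example.test": cert_fingerprint(GENUINE_CERT)}

if __name__ == "__main__":
    print(verify_site("example.test", PINS, GENUINE_CERT))   # True
    print(verify_site("example.test", PINS, ATTACKER_CERT))  # False
```

The point of the design is that the trusted hash arrives over a channel the token has already authenticated, so an attacker who intercepts the browser's TLS connection cannot also substitute the reference value; a static image offers no such binding because it is delivered over the very connection being attacked.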

It is also recommended that you consider using mutual HTTPS authentication for web applications that are worthy of two-factor authentication. For Fedora and other Red Hat flavors of Linux, it is recommended that you use mod_auth_xradius. Interestingly, a patch has been created to update mod_auth_radius to work with Apache 2.2+; however, it has only been applied for Debian and Ubuntu. A previous article described how to add two-factor authentication to Apache on Fedora. This document describes how to add WiKID two-factor authentication to Apache 2.2.x using mod_auth_radius on Ubuntu 8.1.
