laidbackfreak wrote: » The pin is encrypted and delivered via a turin image.
tiersten wrote: » A turin image?
laidbackfreak wrote: » Yep, I'm just finishing implementing a solution at my place. Combination of a pin and password. The pin is encrypted and delivered via a turing image.
tiersten wrote: » I've set up OpenSSH with SecurID before. The link to the ACE server was done with a patch to the OpenSSH code.
tiersten wrote: » I'm confused as to how your system works. I've never seen a CAPTCHA used for 2 factor before and I'm unsure how you'd actually implemented it as well.
gbadman wrote: » My thought exactly. Are you a religious man, laidbackfreak?
laidbackfreak wrote: » The pin is used in conjunction with the captcha. You know your pin and the image presents a random one time password (numerical) that you cross-reference to your pin. For example:
your pin = 1234
Image presents 741852369
Underneath is 123456789
You would enter 7418
Does that make sense? This all links through to an ACS which authenticates to AD + another 3rd party product that generates the code etc.
tiersten wrote: » Ahhh. Okay. Got you. It's not strictly 2 factor authentication though since both parts are something you know.
laidbackfreak wrote: » Yep, that was my argument too, but it's accepted as two factor due to the fact it gives you a one time password.
tiersten wrote: » If the machine had a keylogger that also took screenshots then the security of the PIN would be broken as the attacker would be able to reverse the typed in PIN to the real PIN digits. Anybody who can see the screen and the keyboard would also be able to work out the PIN. a little SecurID type token by Vasco .
laidbackfreak wrote: » The digits entered aren't in clear text so you can't see what figures you enter.
tiersten wrote: » Wouldn't need to. You need the contents of the screen to see the generated number mapping image and what the user is typing either via observing what keys they press or a keylogger.
laidbackfreak wrote: » True, but we have a couple of ways of delivering the security string. Currently it's via a VPN; alternatively we can send it via text message. Something else I'm currently investigating as this meets the two factor side.
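
Added example, not part of the thread and not the product's own code: the PIN-to-code mapping from the 1234 / 741852369 / 7418 post, plus a check of how many PINs remain possible once one security string and the code typed for it are both known. The function names, the random generator, and the repeated-digit string are assumptions constructed for illustration.

```python
import secrets

POSITIONS = "123456789"  # reference row shown underneath the security string


def new_security_string():
    """Constructed stand-in for the server side: a random permutation of 1-9."""
    digits = list(POSITIONS)
    secrets.SystemRandom().shuffle(digits)
    return "".join(digits)


def one_time_code(pin, security_string):
    """What the user types: for each PIN digit d, the digit shown at position d.

    PIN digits must be 1-9 here, matching the reference row in the post.
    """
    return "".join(security_string[POSITIONS.index(d)] for d in pin)


def pins_consistent_with(security_string, typed_code):
    """Every PIN that would yield typed_code for this security string.

    A result of length 1 means the PIN is fully determined by one observation,
    so the scheme stays a single knowledge factor however the code changes.
    """
    candidates = [""]
    for ch in typed_code:
        positions = [POSITIONS[i] for i, s in enumerate(security_string) if s == ch]
        candidates = [c + p for c in candidates for p in positions]
    return candidates


if __name__ == "__main__":
    # Values from the thread.
    shown = "741852369"
    typed = one_time_code("1234", shown)
    print("typed code:", typed)
    print("PINs consistent with one observation:", pins_consistent_with(shown, typed))

    # Constructed variant: a string with a repeated digit leaves some ambiguity.
    repeated = "741752369"
    print(pins_consistent_with(repeated, one_time_code("1234", repeated)))

    # A fresh string gives a different code for the same PIN on each login.
    fresh = new_security_string()
    print(fresh, one_time_code("1234", fresh))
```

Delivering the security string over a separate channel, as the last post describes, is what stops a single screen-and-keyboard observation from containing both inputs to `pins_consistent_with`.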