Keeping Society Running – Protecting Critical Infrastructure

Protecting critical infrastructure with multi-factor authentication (MFA)

The modern world is complex and multi-layered, yet its functioning depends on just a few basic pillars: electricity, clean drinking water, sewage and waste disposal, telecommunications, transportation and a few more. These pillars are called critical infrastructures (KRITIS), and without them the modern world as we know it is not possible. Accordingly, protecting critical infrastructures from natural disasters and man-made threats is an important task for both the public and the private sector.

KeyIdentity Cybersecurity Webcasts – Knowledge. But Secure.

With the KeyIdentity Cybersecurity Webcast series starting this autumn, we want to keep you informed about the latest developments in IT security. Get your know-how first-hand, discuss with our experts and protect your company. Better be safe than sorry!

The basics of multi-factor authentication: QR Tokens – Highly secure and highly versatile

QR tokens are one of the most secure and reliable ways to secure logins, data and transactions. They provide an easy-to-use and secure solution for multi-factor authentication (MFA). This is how authentication via QR tokens works: for a login or transaction, the user is shown a QR code. The user simply scans the QR code with the authenticator app on their smartphone.

All the user needs is mobile connectivity; no additional user input is necessary and no additional data is saved on the authenticated device. This means that QR tokens provided through the KeyIdentity MFA platform and LinOTP solution can also be used to facilitate secure offline authentication for laptops and mobile devices. Based on modern signature algorithms as well as the principles of device separation and transaction data validation, QR tokens allow for the highest level of security.

thyssenkrupp chooses multi-factor authentication from KeyIdentity

KeyIdentity has won thyssenkrupp, another DAX-listed group, as a customer for its LinOTP solution. Employees of the globally operating industrial group will in future be able to log in securely to the company's HR portal using multi-factor authentication (MFA). LinOTP from KeyIdentity thereby replaces the previous two-factor authentication (2FA), which was based on an SMS solution.

Especially for thyssenkrupp employees abroad, PIN delivery via SMS was no longer practicable, as the messages were often sent only after a considerable delay.

Flexible choice of authentication tokens

LinOTP from KeyIdentity offers thyssenkrupp extremely high flexibility in the use of different MFA tokens and service integrations. Access to the HR portal is thus both efficient and secure: thyssenkrupp employees can choose between various token types to authenticate securely.

Meeting of the IT security industry | KeyIdentity @ itsa | 10 – 12 October 2017 in Nuremberg

10,000 trade visitors, 489 companies, 19 countries (in 2016): just a few years after its launch, itsa ranks among the most important IT security trade fairs worldwide. Its comprehensive range of offerings provides numerous opportunities for focused exchange on IT security topics. itsa takes place from 10 to 12 October 2017 in Nuremberg.

The basics of multi-factor authentication: What is a push token and how can businesses benefit from it?

A push token is an advanced technology for easy-to-use and secure multi-factor authentication (MFA): when a user tries to access protected content or initiates a transaction, a push notification is sent to the user's registered mobile device, for instance a smartphone.

The basics of multi-factor authentication: How to pick the right token

Multi-factor authentication (MFA) is based on the idea that a user possesses several unique pieces of evidence which cannot be provided or accessed by a third party. This can be either knowledge like a password, biometric features like a fingerprint or a physical object like a hardware token.

Modern MFA solutions like LinOTP and the KeyIdentity MFA platform support a wide range of tokens to accommodate different use cases, risk levels and cost considerations in B2B and B2C scenarios. Here is a short overview of the most common token types: hardware and software tokens, SMS and biometrics as well as QR and push tokens.

Hardware tokens: independent of the device running the application

Hardware tokens are available in various designs ranging from portable USB authenticators to keychain devices to flexible display panels embedded in identification cards. They all have one advantage in common: Since hardware tokens come with their own display and battery, they can operate independently of the device running the application.

A special type of hardware token is the standardized FIDO U2F supervised by the open-authentication industry consortium FIDO Alliance. Based on the Universal Second Factor standard U2F, users can “bring their own token” (BYOT). This means that tokens already owned can be reused at a consistent level of security

MFA – save time by switching to LinOTP today

Regarding MFA (multi-factor authentication), the well-known administrator mantra “Never change a running system” is not accurate anymore, given today’s speed of IT technology development. In fact, regular changes have become a necessity to keep up with competitive markets. This is particularly true if the new technology is driven by steady development to avoid unnecessary issues in the foreseeable future.

LinOTP brings substantial benefits for MFA-backed environments. It has no token vendor lock-in, it is open source and API-first developed. It is easy to set up and to integrate in the first place – it takes only about half a day in a standard environment. And we make sure that transitions from existing MFA solutions to LinOTP are stable, fast and painless for architects as well as for the performing administrators and the users.


What does LinOTP’s API-first development mean for you?

LinOTP – the open source MFA solution – is developed with an API-first strategy in mind. For us at KeyIdentity this does not mean dogmatically following each and every REST guideline but thinking about the easiest yet most flexible way of introducing new features to our API in terms of simplicity of integration before the feature is actually implemented, while retaining backwards compatibility. Therefore, our API for all of our customers is feature complete.

For an integration product such as LinOTP, easy integration into the user’s environment is probably the most important key feature. While historically LinOTP’s most used integration practice is based on the RADIUS protocol together with the FreeRADIUS server shipped with the KeyIdentity LinOTP Smart Virtual Appliance (SVA), the HTTP based API has recently been gaining more and more importance. Especially for web applications, LinOTP’s HTTP based API allows for easier and deeper integrations.

LinOTP features a stateless HTTP based API for validation, returning responses in the simple-to-parse JSON format. Request parameters may be sent as URL encoded data in a POST request’s body. This article will show what the API-first strategy means for you and how to integrate LinOTP into your own web applications.

To demonstrate LinOTP’s API by example, we show you how to integrate the QR Token into your environment.


FIDO U2F: what it is and how you can secure your web applications using LinOTP

This is the first part of a series of blog entries about FIDO U2F and how you can use FIDO U2F and LinOTP to secure your web applications.

Kicking off, we would like to introduce you to FIDO U2F and explain the idea behind it. The following posts will be about the protocols and how you can use LinOTP to integrate FIDO U2F in your application.

What is FIDO U2F?

FIDO U2F is a technical specification defining a mechanism to reduce the reliance on passwords to authenticate users. It can be used to enrich a password-based authentication with a second factor or to replace the password-based login completely, depending on the use case.

FIDO U2F is developed by the FIDO Alliance (KeyIdentity is a member) and actively extended to new authentication models and markets. The driving idea behind FIDO U2F is to let users bring their own token to the registration process and to let you securely validate the user's identity going forward, while the user only has to use one token for all websites without compromising security.


Source: FIDO Alliance

USB, NFC and Bluetooth are now defined as transport protocols and a wide range of devices is available to make use of them. Your users can decide on the method and vendor they prefer, based on costs, design or availability. The FIDO U2F implementation on the side of the web application is the same for all tokens implementing the FIDO specifications.

FIDO U2F is based on public key cryptography. When the user registers at your site, a key pair specific to your site is generated in the FIDO U2F token and, depending on the device, is stored on the token. The public key is then registered in your LinOTP backend. When the user authenticates later on, a challenge is presented to the FIDO U2F token and proof of the possession of the private key is presented by signing the challenge. The FIDO protocols are designed to protect the user’s privacy. It is not possible to track a user across services even though the same token is used.
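The registration and authentication flow described above, as an added example that is not part of the original post and is neither LinOTP nor FIDO reference code: a simplified Node.js model showing the per-site key pair, the signed challenge, and the checks a backend applies before accepting a response. `SoftToken` and `Backend` are hypothetical stand-ins, and the signed byte layout (application hash, presence byte, counter, challenge hash) is modelled on U2F's rather than taken from a real token.

```javascript
// Added example: simplified model of the U2F flow, not LinOTP or FIDO reference code.
const crypto = require('crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Signed bytes: hash(appId) || user-presence byte || 4-byte counter || hash(clientData)
function signatureBase(appId, counter, clientData) {
  const ctr = Buffer.alloc(4);
  ctr.writeUInt32BE(counter);
  return Buffer.concat([sha256(appId), Buffer.from([1]), ctr, sha256(clientData)]);
}

// Hypothetical stand-in for the token: one key pair per registered site (app ID).
class SoftToken {
  constructor() { this.keys = new Map(); this.counter = 0; }
  register(appId) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
    const keyHandle = crypto.randomBytes(16).toString('hex');
    this.keys.set(keyHandle, { appId, privateKey }); // private key stays on the token
    return { keyHandle, publicKey };
  }
  sign(keyHandle, appId, clientData) {
    const entry = this.keys.get(keyHandle);
    if (!entry || entry.appId !== appId) throw new Error('key handle not valid for this app ID');
    const counter = ++this.counter;
    return { counter, signature: crypto.sign('sha256', signatureBase(appId, counter, clientData), entry.privateKey) };
  }
}

// Hypothetical stand-in for the backend holding the registered public key.
class Backend {
  constructor(appId) { this.appId = appId; this.users = new Map(); }
  enroll(user, reg) { this.users.set(user, { ...reg, lastCounter: 0, challenge: null }); }
  newChallenge(user) {
    const rec = this.users.get(user);
    rec.challenge = crypto.randomBytes(32).toString('base64');
    return rec.challenge;
  }
  verify(user, clientData, resp) {
    const rec = this.users.get(user);
    const expected = rec.challenge;
    rec.challenge = null; // each challenge is accepted once
    const { challenge, origin } = JSON.parse(clientData);
    if (!expected || challenge !== expected || origin !== this.appId) return false;
    if (resp.counter <= rec.lastCounter) return false; // replayed response or cloned token
    const ok = crypto.verify('sha256', signatureBase(this.appId, resp.counter, clientData), rec.publicKey, resp.signature);
    if (ok) rec.lastCounter = resp.counter;
    return ok;
  }
}
```

The client data passed to `sign` and `verify` is a JSON string carrying `challenge` and `origin`; a response is accepted only once per challenge and only for the site the key pair was registered with.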

The handling of the device and the communication over the USB, NFC or Bluetooth transport protocols is provided by the user’s browser, either built in or available as a plug-in. Currently only Google Chrome has built-in support, but support by Microsoft and plug-ins for Firefox are available.

FIDO U2F is still a pretty young standard, but adoption is picking up. After being developed mainly by Google and Yubico, the FIDO Alliance now has an impressive set of members, and the range of specifications has grown actively and in interesting areas over the last year.

This was just a quick introduction; in the following parts we will look at the registration and authentication process and how an implementation of FIDO U2F can look.