我想实现的廉价2因素身份验证。我会怎么做呢? [英] I'm trying to implement 2 factor authentication on the cheap. How would I do that?
问题描述
行,所以我需要3 2。
Ok so I need 2 of the 3.
用户知道的。结果
用户拥有的信息。结果
一些用户。
Something the user knows.
Something the user has.
Something the user is.
我有暴露到因特网的系统,我们需要的客户端,以安全的方式连接,以满足我们的安全标准。
I have a system that is exposed to the internet and we need clients to connect in a secure manner to satisfy our security standards.
我在想,当用户注册使用我们的系统,我们给他们,他们安装他们的主系统上的应用程序。应用程序生成基于定时随机算法的一个关键。我们的应用程序服务器具有相同的算法,所以当用户提交与我们知道,他们是一个合法用户的关键凭据。
I'm thinking when a user registers to use our system we send them an application that they install on their home system. The application generates a key based on a timed randomness algorithm. Our application server has the same algorithm so when the user submits their credentials with the key we know that they are a legitimate user.
这是2因子认证的有效方法是什么?
Is this a valid method of 2 factor authentication?
什么是这样做的另一种方式?
What is another way of doing this?
有没有我应该知道的任何陷阱?
Are there any pitfalls that I should be aware of?
感谢您的帮助!
推荐答案
是的,这是进行双因素身份验证的有效方法。令牌的安全性(在计算机上的程序)当然只是为安全的计算机。如果它运行的是Windows,全盘皆输。
Yes, this is a valid method of performing two-factor authentication. The token security (the program on the computer) is of course only as safe as the computer is. If its running Windows, all bets are off.
您也可以到RSA或其他供应商和许可他人使用其SecurID的(或其他品牌)的标记,以及必要的中间件。它是一种经过验证的解决方案,而且最起码有别人的指责。
You can also go to RSA or other vendors and license their SecurID (or other brand) tokens, as well as the necessary middleware. Its a validated solution, and at the very least there is someone else to blame.
有关的基于时间的系统中,通常允许的窗口,其中该令牌是有效的(比翻车点以上),以允许时间偏移。您也可以与NTP服务器(使用SNTP,实现简单)检查,以获得准确的时间信息。
For time based systems, there is usually an allowed "window" where the token is valid (more than the roll-over point) to allow for time skew. You can also check with an NTP server (using SNTP, simple to implement) to get accurate time information.
对于所有的安全系统,有无数的陷阱。他们是很难得到的权利。被警告。买保险;)
As with all security systems, there are numerous pitfalls. They are very hard to get right. Be warned. Buy insurance ;)
这篇关于我想实现的廉价2因素身份验证。我会怎么做呢?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
