suggestions for smart card or biometric web authentication?

HK

Anyone have suggestions for biometric or smart card or key fob or [whatever
else] authentication of a future public facing website? For example, a
customer could do something to authenticate themselves and the computer
passes some data in the background of their browser session so a user can be
authenticated better than the typical "username/password" fields? We'd use
ASP.NET 2.0 on the server side. I see a few miscellaneous tools in a Google
search but nothing is jumping out at me. For example, one is not really
.NET compatible but you could work around that. Not great. We also need
something affordable. Considering that online banking sites are exploring
better options to prevent spyware from grabbing usernames/passwords, I was
hoping someone in this group might have done some research into this already
and have some concrete thoughts or suggestions.

User Group Etiquette: Please don't be the first to reply to this post
unless you have something truly helpful to add, else others will think I've
already been helped and not read the post.
 
Guest

> Anyone have suggestions for biometric or smart card or key fob or
> [whatever else] authentication of a future public facing website?

Biometrics is still in its infancy - at least for the web.

As for keyfobs, take a look at RSA Security's SecurID authentication.
Also Entrust provides secure identity solutions.

SecurID needs a bit of fudging to work with ASP.NET:

http://sourceforge.net/projects/securid4dotnet/

A cheaper solution may be to use client-side certificates. You send a
certificate to each user:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q315588

So to authenticate, a user will need a password + certificate.

But I guess a bigger question is - are you going to provide all your
customers keyfobs or biometric readers? This stuff doesn't come cheap.
Also, are you willing to deal with all the support issues? Perhaps you
should consider building better logging/monitoring tools - and force
users to reset their passwords often?

> User Group Etiquette: Please don't be the first to reply to this post
> unless you have something truly helpful to add, else others will think
> I've already been helped and not read the post.

Newsgroup (usenet)... not user group!

Anyhow, I don't think there is such an "etiquette" rule. What one
considers junk may be gold for another? : ) You can always repost if you
don't like the answers!
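
The "password + certificate" login suggested in the reply above, sketched for ASP.NET 2.0 as an added example that is not part of the original thread. It assumes IIS is configured to accept client certificates over SSL for the login page; `TwoFactorLogin` and `ThumbprintLookup` are hypothetical names, and the lookup stands in for whatever store records which certificate was issued to which user.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Web;
using System.Web.Security;

public static class TwoFactorLogin
{
    // Hypothetical lookup: returns the thumbprint recorded for this user
    // when their certificate was issued, or null if none is on file.
    public delegate string ThumbprintLookup(string userName);

    public static bool TryLogin(HttpRequest request, string userName,
                                string password, ThumbprintLookup lookup)
    {
        HttpClientCertificate cert = request.ClientCertificate;

        // Factor 1: a certificate was presented over SSL and IIS accepted it.
        if (!request.IsSecureConnection || !cert.IsPresent || !cert.IsValid)
            return false;

        DateTime now = DateTime.Now;
        if (now < cert.ValidFrom || now > cert.ValidUntil)
            return false;

        // Bind the certificate to the account. Without this step, any
        // certificate from a trusted CA would pass for any user name.
        string expected = lookup(userName);
        if (String.IsNullOrEmpty(expected))
            return false;

        string presented = new X509Certificate2(cert.Certificate).Thumbprint;
        if (!String.Equals(presented, expected, StringComparison.OrdinalIgnoreCase))
            return false;

        // Factor 2: the password, checked by the configured membership provider.
        if (!Membership.ValidateUser(userName, password))
            return false;

        // Both factors passed: issue a session-only forms authentication ticket.
        FormsAuthentication.SetAuthCookie(userName, false);
        return true;
    }
}
```

Failed attempts should be logged with the presented certificate's subject and serial number, so that a stolen password used with the wrong certificate shows up in monitoring.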
 
owen.nick

HK:

You can have a look at our opensource two-factor authentication
solution:

http://www.wikidsystems.net (or
https://sourceforge.net/projects/wikid-twofactor/) and our commercial
site: http://www.wikidsystems.com.

We currently have a COM object for windows apps, but we're also working
on an ISAPI plugin.

In addition, the PC clients for mac, linux and windows can do mutual
authentication - i.e. host & user auth, which prevents MITM attacks. It
can run on a usb device. The commercial version supports wireless
devices - Blackberry, cell phones, Palm, WindowsMobile.
 
